(b) All the claims are believed to be directed to a single invention. If the
Office determines that all the claims presented are not obviously directed to a single 
invention, then Applicants will make an election without traverse as a prerequisite to the 
grant of special status. 

(c) Pre-examination searches were made of U.S. issued patents, including 
a classification search, a computer database search, and a keyword search. The searches were 
performed on or around July 15, 2004, and were conducted by a professional search firm, 
Kramer & Amado, P.C. The classification search covered Class 709 (subclass 217), Class 
710 (subclasses 8, 62, and 203), and Class 711 (subclasses 154 and 202) for the U.S. and 
foreign subclasses identified above. The computer database search was conducted on the 
USPTO systems EAST and WEST. The keyword search was conducted in Class 709 
(subclasses 203, 219, and 229). The inventors further provided two references considered
most closely related to the subject matter of the present application (see references #5-6 
below), which were cited in the Information Disclosure Statements filed on August 20, 2003. 

(d) The following references, copies of which are attached herewith, are 
deemed most closely related to the subject matter encompassed by the claims: 



(1) U.S. Patent Publication No. 2002/0112023 A1;

(2) European Patent Publication No. EP 0794479 A1;

(3) U.S. Patent Publication No. 2002/0083120 A1;

(4) U.S. Patent Publication No. 2002/0161860 A1;

(5) U.S. Patent Publication No. 2002/0152339 A1;

(6) U.S. Patent No. 6,446,141 B1;

(7) U.S. Patent No. 5,012,405;

(8) U.S. Patent No. 5,689,701;

(9) U.S. Patent No. 5,752,060;

(10) U.S. Patent No. 5,761,498;

(11) U.S. Patent No. 6,006,018;

(12) U.S. Patent No. 6,026,414;

(13) U.S. Patent No. 6,606,690 B2;

(14) U.S. Patent No. 6,718,372 B1;

(15) U.S. Patent Publication No. 2003/0101200 A1;

(16) U.S. Patent Publication No. 2003/0135514 A1;

(17) U.S. Patent Publication No. 2004/0019655 A1; and

(18) Japanese Patent Publication No. JP 2003-162441. 

(e) Set forth below is a detailed discussion of references which points out 
with particularity how the claimed subject matter is distinguishable over the references. 

A. Claimed Embodiments of the Present Invention 

The claimed embodiments relate to a distributed file system (DFS) that allows
access to a DFS file using a conventional protocol without making a modification on a side of 
a client that uses the conventional protocol. 

Independent claim 24 recites a gateway apparatus between a client computer 
requesting a file access and a file server executing file access processes according to a 
received file access request from the client computer. The gateway apparatus comprises a
first type protocol processing unit which is configured to receive a first type file access
request according to the first type protocol from the client computer and respond to the
received first type file access request, wherein a first type file system according to the first
type protocol is a directory structural file system and the first type file access request includes
a path ID indicating a directory including a target file and a first type file ID indicating the
target file, and the first type file ID is a unique ID in the directory. The gateway apparatus
further comprises a second type file system access unit which is configured to receive a file
access request from the first type protocol processing unit and issue a second type file access
request to a second type file system, wherein the second type file access request includes a
second type file ID indicating the target file, and the second type file ID is a unique ID in the
second type file system and assigned to the target file by the second type file system. A
directory management unit is configured to manage a correspondence between a directory
structure of the first type file system and a second type file ID of the second type file system,
wherein the second type file ID used by the second type file system access unit is specified
by the directory management unit based on the first type file ID included in the first type file 
access request. 

Independent claim 40 recites a computer readable storage medium having a 
computer program for a gateway apparatus to manage file access between a client computer 
requesting a file access and a file server executing file access processes according to a 
received file access request from the client computer. The computer program comprises code
for a first type protocol processing unit to receive a first type file access request according to
the first type protocol from the client computer and respond to the received first type file
access request, wherein a first type file system according to the first type protocol is a
directory structural file system and the first type file access request includes a path ID
indicating a directory including a target file and a first type file ID indicating the target file,
and the first type file ID is a unique ID in the directory. The computer program further
comprises code for a second type file system access unit to receive a file access request from
the first type protocol processing unit and issue a second type file access request to a second 
type file system, wherein the second type file access request includes a second type file ID 
indicating the target file, and the second type file ID is a unique ID in the second type file 
system and assigned to the target file by the second type file system. The computer program 
also comprises code for a directory management unit to manage a correspondence between a 
directory structure of the first type file system and a second type file ID of the second type 
file system, wherein the second type file ID used by the second type file system access unit is 
specified by the directory management unit based on the first type file ID included in the first 
type file access request. 

One of the benefits that may be derived is that access to a file on the file 
system using file ID can be made for the directory structural file system, without making a 
modification on the client's side. 

B. Discussion of the References 

None of the following references disclose providing a gateway function
between two file systems by managing a directory structure of a directory structural file
system and a file ID assigned by a file system and unique in the file system. For instance, the
references do not teach a directory management unit configured to manage a correspondence 
between a directory structure of the first type file system and a second type file ID of the 
second type file system, wherein the second type file ID used by the second type file system 
access unit is specified by the directory management unit based on the first type file ID 
included in the first type file access request. The references merely disclose distributed file 
systems. 

1. U.S. Patent Publication No. 2002/0112023 A1

This reference relates to a system and a method for providing a plurality of 
client applications access to data in a distributed file system. Read requests are separated 
from write requests, so that read requests are processed by dedicated read servers and write
requests are processed by a dedicated write server. A DFS server (184) receives file access
requests from the client application (156). The DFS server is implemented with conventional
server software for a distributed file system, for example, NFS server software. If the DFS
client interface (158) or load balancer (164) sends only read requests to the DFS server, the
DFS server processes only read requests and commercially available DFS server software is
used. See paragraphs [0023]-[0033]. The reference fails to teach providing a gateway 
function between two file systems by managing a directory structure of a directory structural 
file system and a file ID assigned by a file system and unique in the file system. 

2. European Patent Publication No. EP 0794479 A1

This reference discloses a method and an apparatus for providing dynamic 
distributed file system client authentication. One method for providing dynamic distributed 
file system client authentication within a distributed file system computing environment 
includes receiving an NFS (Network File System) request from an NFS client, determining
whether the NFS client has an access status sufficient to perform the NFS request, and 
performing the NFS request when the NFS client has sufficient access status. The dynamic 
NFS client authentication service 270 considers factors such as time, date, identity of the NFS 
client, a nature of the NFS request, and a current status of a resource upon which the NFS 
request operates. See column 8, lines 4-25; column 10, lines 9-31. The reference does not
teach providing a gateway function between two file systems by managing a directory
structure of a directory structural file system and a file ID assigned by a file system and
unique in the file system. 

3. U.S. Patent Publication No. 2002/0083120 A1

This reference discloses a shared storage distributed file system providing 
applications with transparent access to a storage area network (SAN) attached storage device. 
This is accomplished by providing clients read access to the devices over the SAN and by 
requiring most write activity to be serialized through a network attached storage (NAS) 
server. See paragraphs [0089]-[0090]. A supplemental read path is provided through the
NAS server for those circumstances where the local file system is unable to provide valid 
data reads. See paragraphs [0093]-[0095]. The reference fails to teach providing a gateway 
function between two file systems by managing a directory structure of a directory structural
file system and a file ID assigned by a file system and unique in the file system.

4. U.S. Patent Publication No. 2002/0161860 A1

This reference relates to a method and a system providing a distributed file 
system and distributed file system protocol utilizing a version-controlled file system with 
two-way differential transfer across a network. Fig. 4A shows a DDFS (Differential 
Distributed File System) filesystem protocol by way of several examples of a two-way 
differential file transfer protocol that refers to the remote clients. See paragraphs [0135]- 
[0146]. Fig. 4B illustrates how the client processes a DDFS file read request in which the 
client receives a delta ("diff") between the latest version of the file and the version that the
client has cached. See paragraphs [0147]-[0148]. Fig. 4C illustrates how the client processes
a write request in which the client calculates a delta from the new version of the file and the
most recently saved version from the cache. See paragraphs [0149]-[0152].

This reference merely discloses a differential distributed file system. It does 
not teach providing a gateway function between two file systems by managing a directory 
structure of a directory structural file system and a file ID assigned by a file system and 
unique in the file system.

5. U.S. Patent Publication No. 2002/0152339 A1

This reference relates to a storage system that includes a storage controller 14 
and storage media for reading data from or writing data to the storage media in response to 
SCSI, NFS, CIFS, or HTTP type read/write requests. The storage controller includes SCSI, 
NFS, CIFS, and HTTP interface adapters 26, 28, 30, 32 for receiving the read/write requests 
and effecting the reading of data from or the writing of data to the storage media. See 
paragraphs [0019]-[0021]. The reference fails to teach providing a gateway function between
two file systems by managing a directory structure of a directory structural file system and a 
file ID assigned by a file system and unique in the file system. 

6. U.S. Patent No. 6,446,141 B1

This reference discloses a system equipped with a communication interface for 
connection to different kinds of user data from a storage server. The storage server comprises 
a bus system which includes a plurality of slots having interfaces to respective data stores; 
and an operating system which includes logic controlling transfers among the plurality of 
slots over the bus system according to an internal format, logic for translating a storage 
transaction received over the communication interface into the internal format, logic for 
configuring the plurality of slots according to a configuration data, and logic to monitor the 
performance and condition of the storage server. See column 1, line 55 to column 2, line 10.

This reference merely discloses a communication interface for connection to 
different kinds of user data from a storage server. It does not teach providing a gateway 
function between two file systems by managing a directory structure of a directory structural
file system and a file ID assigned by a file system and unique in the file system.

7. U.S. Patent No. 5,012,405

This reference discloses a file management system for permitting user access 
to files in a distributed file system based on linkage relation information. The information 
processing devices are linked through a communication line and dispersed files are utilized 
by a plurality of users in common. Each information processing device 4a-4c is provided with
a file system management program 9a-9c, user programs 12x-12z, 12b, 12c, and a
management table 10, 11b, 11c (col. 6, lines 45-49; Fig. 3).

This reference merely discloses a file management system for a distributed file
system based on linkage relation information. It does not teach providing a gateway function 
between two file systems by managing a directory structure of a directory structural file 
system and a file ID assigned by a file system and unique in the file system. 

8. U.S. Patent No. 5,689,701

This reference discloses a system and a method for providing compatibility 
between distributed file system namespaces and operating system pathname syntax. A DFS
pathname prefix is associated with each drive letter that is attached to a DFS IFS driver.
Before an IFS driver is used, an application program issues a command to associate a drive
letter with a particular IFS driver. The command issued also carries a DFS pathname prefix
within a data buffer. The IFS services the command by validating existence of the DFS
pathname prefix, and thereafter stores such prefix into an internal table of the buffer where it
is associated with the attached drive letter. File system requests later received by the DFS
client IFS driver carrying a pathname containing that drive letter will have their file
specifications edited by the DFS code prior to processing. The drive letter in the pathname is
replaced by the DFS pathname prefix from the IFS driver's internal table, and operating
system slashes in operating system pathname are converted to DFS slashes. The operating
system user may thereby reference DFS objects relative to a point in the DFS namespace
using the operating system's pathname syntax with which the user is more comfortable. Fig.
13 shows a flow diagram of a process in which a table is built correlating operating system
drive letters and file system namespace syntax. Fig. 14 is a flow diagram of a process for
processing a file system request whereby compatibility is provided between distributed file 
system namespace and operating system pathname syntax not otherwise natively supported in 
the namespace. 

This reference merely discloses providing compatibility between distributed 
file system namespace and operating system pathname syntax. It does not teach providing a 
gateway function between two file systems by managing a directory structure of a directory 
structural file system and a file ID assigned by a file system and unique in the file system.

9. U.S. Patent No. 5,752,060

This reference discloses a file access scheme in a distributed data processing
system for executing an access to a file in response to a file server to effect a data processing.
The scheme includes a device for executing an input/output processing such that each processing
module unit operates as a subroutine of a data processing unit and executes input/output processing to
the file controlled by itself and a device for executing data transfer processing such that the
processing module unit operates as a subroutine of the data processing unit and implements a
data transfer processing between the processing module unit and the file server of other
processing modules. As shown in Fig. 2, when an open instruction of a file 11-i is made to a
file server 13-i in a processing module unit 1-i which is part of a distributed data processing
system, and the data processing unit 10-j which has submitted the open instruction belongs to
the same processing module unit to which it belongs 1-i, that is, i=j, the activation of an
input/output processing unit 14-i ready for the data processing unit 10-i as a subroutine is
designated. The data processing unit 10-i which has submitted the open instruction employs
its self data area and executes an input/output request for the disk 12-i to effect an access
processing to the file 11-i.

This reference merely discloses a file access scheme in a distributed data 
processing system. It does not teach providing a gateway function between two file systems 
by managing a directory structure of a directory structural file system and a file ID assigned 
by a file system and unique in the file system. 

10. U.S. Patent No. 5,761,498 

This reference discloses a distribution file system for accessing a required
portion of a file. When a host system 13 opens a file, it can see it as a file. When each 
system 16 opens a file, it can see the file as a local file. A substance is stored as one file in a 
secondary memory. In an open mode, however, each cell can see a required portion 
corresponding to the distribution information stored in the distribution information storing 
portion 15. See Figs. 2A-2C; column 3, line 64 to column 4, line 6. 

This reference merely discloses a particular implementation of a distribution 
file system. It does not teach providing a gateway function between two file systems by
managing a directory structure of a directory structural file system and a file ID assigned by a
file system and unique in the file system. 

11. U.S. Patent No. 6,006,018

This reference discloses a translation gateway for a distributed computing 
environment including a source computer system and a target computer system, each of 
which has at least one client, one server and a distributed file system. A method for 
providing authenticated access to files stored in the target distributed file system in response 
to file requests originating from clients associated with the source distributed file system 
begins by mapping credentials associated with incoming client requests from the source 
distributed file system into enhanced credentials containing authentication information 
associated with an authentication model of the target distributed file system (see Fig. 6; col. 
9, lines 36-55). At least one enhanced credential is then augmented with one or more 
attributes whose values may be extracted and used in the processing of the file system request 
by the target file system (see Fig. 5; col. 9, lines 14-35). The source computer system's server 
then makes file system requests using the enhanced credentials so that each file request 
appears to the target computer client as if it were made by an authenticated process with 
equivalent attributes (see Fig. 4; col. 8, lines 13-57). 

This reference merely discloses a distributed file system translator with 
extended attribute support. It does not teach providing a gateway function between two file 
systems by managing a directory structure of a directory structural file system and a file ID
assigned by a file system and unique in the file system. 

12. U.S. Patent No. 6,026,414 

This reference discloses a system for backing up files in a distributed 
computing system. A file server 8 maintains files in a shared name space. The client 4 and 
proxy client 10 include a distributed file system (DFS) client program 14 that provides 
communication with the file server 8 and access to files in the shared name space. The client 
4 and the proxy client 10 each have a backup client program 18. The file server 8 provides 
the first backup client program and the second backup client program with access to the files 
in the shared name space. The first backup client program initiates a backup request to 
backup a requested file. A determination is made as to whether the requested file is
maintained in a shared name space. The backup request is transmitted to the second backup
client program upon determining that the requested file is maintained in the shared name 
space. The second backup client program transmits a message to the file server to provide 
the requested file. The file server transmits the requested file with the file server to the 
second backup client program. The second backup client program then transmits the 
requested file to a backup server program 20. The backup server program stores the 
requested file in a storage device. 

This reference merely discloses a system for backing up files in a distributed 
computer system. It does not teach providing a gateway function between two file systems
by managing a directory structure of a directory structural file system and a file ID assigned 
by a file system and unique in the file system. 

13. U.S. Patent No. 6,606,690 B2 

This reference discloses a system for accessing a plurality of storage devices
in a storage area network (SAN) as network attached storage (NAS) in a data communication
network. A SAN server includes a first interface and a second interface. The
first interface is configured to be coupled to the SAN. The second interface is coupled to a 
first data communication network. A NAS server includes a third interface and a fourth 
interface. The third interface is configured to be coupled to a second data communication 
network. The fourth interface is coupled to the first data communication network. The SAN 
server allocates a first portion of the plurality of storage devices in the SAN to be accessible 
through the second interface to at least one first host coupled to the first data communication 
network. The SAN server allocates a second portion of the plurality of storage devices in the 
SAN to the NAS server. The NAS server configures access to the second portion of the 
plurality of storage devices to at least one second host coupled to the second data 
communication network. See column 2, lines 40-67. 

This reference merely discloses a system for accessing a plurality of storage 
devices in a SAN as NAS in a data communication network. It does not teach providing a 
gateway function between two file systems by managing a directory structure of a directory
structural file system and a file ID assigned by a file system and unique in the file system.

14. U.S. Patent No. 6,718,372 B1

This reference discloses a data server that can provide access to data, such as 
mainframe data, by open systems platforms. The system includes a shared storage interface 
214 coupling a first computing system 201-1 to a shared storage device 211 in which the
shared data is maintained by a second computing system 202 in a manner that is not natively
compatible to the first computing system. The computing system further includes a data
access server 210 which executes on the processor in the first computing system. When
executing, the data access server receives, via the network interface 213, a client message to
access data on the shared storage device and in response to receiving the client message,
retrieves, via the network interface, data storage information provided from the second
computing system coupled to the first computing system. The data storage information is 
stored in the memory system and allows the data access server on the first computing system 
to access the data in the shared storage device in a manner that is compatible with the first 
computing system. See Figs. 5-6. 

This reference merely discloses a data access server for open systems 
platforms. It does not teach providing a gateway function between two file systems by 
managing a directory structure of a directory structural file system and a file ID assigned by a 
file system and unique in the file system. 

15. U.S. Patent Publication No. 2003/0101200 A1

This reference discloses a distributed file sharing system and a file access 
control method of efficiently searching for access rights. With a shared index information 
file 1244 in a file sharing index manager 120, 140, 160, 180, a distributed file system controls 
access to files based on access right obtained from the index information. Even when a host
terminal 12, 14, 16, 18, 20 operated by a user does not have directory information required,
that host terminal may obtain an access right from the file sharing index manager without
making access to the host terminals. The host terminals perform local management via file
sharing managers to minimize accesses to the host terminals which are required until
processing is completed. See Fig. 1; and paragraphs [0034]-[0037]. 

This reference merely discloses a particular control method of searching for 
access rights in a distributed file sharing system. It does not teach providing a gateway
function between two file systems by managing a directory structure of a directory structural
file system and a file ID assigned by a file system and unique in the file system. 

16. U.S. Patent Publication No. 2003/0135514 A1

This reference discloses a distributed file system incorporating a virtual hot 
spare. The intelligent distributed file system 110 enables the storing of file data among a 
plurality of smart storage units 114 which are accessed as a single file system. The intelligent 
distributed file system utilizes a metadata data structure to track and manage detailed 
information about each file, including, for example, the device and block locations of the 
file's data blocks, to permit different levels of replication and/or redundancy within a single 
file system, to facilitate the change of redundancy parameters, to provide high-level 
protection for metadata, to replicate and move data in real-time, and to permit the creation of 
virtual hot spares among the smart storage units without the need to idle any single smart 
storage unit in the intelligent distributed file system. See Fig. 1; and paragraphs [0040]- 
[0045]. 

This reference merely discloses a specific implementation of a distributed file 
system. It does not teach providing a gateway function between two file systems by 
managing a directory structure of a directory structural file system and a file ID assigned by a
file system and unique in the file system. 

17. U.S. Patent Publication No. 2004/0019655 A1

This reference discloses a method for forming such a virtual network storage 
with use of general network storages and through the processings by a network storage 
accessing protocol without using any of dedicated network storages, concentrated 
management servers, and distributed directories. The virtual network storage, when receiving 
a READDIR request from a client in step 301, transfers the received READDIR request to 
each network storage in step 302, then receives READDIR responses from the network 
storages. The virtual network storage then combines the READDIR responses from the 
network storages and sends the result to the client. See paragraphs [0035]-[0037]. 

This reference merely discloses a method for forming virtual network storage. 
It does not teach providing a gateway function between two file systems by managing a
directory structure of a directory structural file system and a file ID assigned by a file system
and unique in the file system. 

18. Japanese Patent Publication No. JP 2003-162441 

This reference contains the same disclosure as reference item 15 (U.S. Patent 
Publication No. 2003/0101200 A1).

(f) In view of this petition, the Examiner is respectfully requested to issue 
a first Office Action at an early date.

(57) A variety of methods and apparatus are taught for providing dynamic distributed file
system client authentication. One method for providing dynamic distributed file system
client authentication within a distributed file system computing environment includes the
steps of receiving an NFS request from an NFS client, determining whether the NFS client
has an access status sufficient to perform the NFS request, and performing the NFS request
when the NFS client has sufficient access status. In some embodiments, the NFS request
includes a file handle representing a given file system available on the server computer
system and a file operation to be performed upon the given file system. A server computer
in accordance with one embodiment of the present invention is operable to provide dynamic
NFS client authentication. The server computer includes a CPU, a RAM accessible by the
CPU, a ROM accessible by the CPU, a network I/O port coupled with the CPU, a mass
storage device accessible by the CPU, and a kernel implemented on the server computer. In
addition, the server computer implements a dynamic NFS client authentication service
operable to receive an NFS request from an NFS client and to authenticate the NFS client in
relation to the NFS request. The dynamic NFS client authentication service considers
factors such as time, date, identity of the NFS client, a nature of the NFS request, and a
current status of a resource upon which the NFS request operates.

Description

BACKGROUND OF THE INVENTION

The present invention relates generally to file sharing over a computer network. More
specifically, the present invention teaches methods and apparatus for providing dynamic
client authentication in a distributed computer file system.

Sun Microsystems, Inc.'s "Distributed File System", designated as NFS®, is a computer
implemented service designed to allow computer systems to share files across a computer
network. In brief, file systems are mounted across the network, making them appear as if
a local computer system is accessing the file system locally when in fact the files are
stored on a remote server computer. Thus, using NFS, it is possible to share individual
files, file hierarchies, and entire file systems across a network.

NFS employs a client/server paradigm. A computer that wishes to share its file system with
other computers on the network acts as a server computer. Files are physically located on
and managed by the server computer. A separate computer that wishes to access files
located on the server computer acts as a client of the server computer. In order to access
files located on the server computer, the client computer first mounts the required file
system and then makes file access requests across the network to the server. In general, a
computer may simultaneously operate as a client and a server.

Fig. 1 diagrammatically illustrates an NFS client/serv-
er paradigm 10 of the prior art. The NFS client/server
paradigm 10 includes an NFS client 12 and an NFS 
server 14. The NFS server 14 includes a kernel 16 and 
a mount daemon 18. As will be well familiar to those of 
skill in the art, the kernel 16 typically implements the 
most primitive functions of the server's operating sys- 
tem. Additionally, because the kernel 16 is generally res-
ident in random access memory (RAM), it is sound pro- 
gramming strategy to minimize the memory space re- 
quired by these primitive functions. 

The mount daemon 18 is a process implemented 
on the server 14 which autonomously answers file sys- 
tem mount requests, making available those file sys- 
tems which the clients may legitimately access. When 
the NFS client 12 attempts to mount a given file system 
30, the mount daemon 18 authenticates that the NFS 
client 12 is entitled to access the given file system 30 
and, if so, returns a file handle 24 corresponding to the 
given file system 30. The file handle 24 serves as a key 
facilitating all further requests between the NFS client 
12 and the NFS server 14 with regards to the given file 
system 30. 

Once the NFS client 12 obtains a file handle 24, all 
file system requests are handled by an NFS service 20 
implemented within the kernel 16. Each file system re- 
quest such as NFS request 22 includes both the file han- 
dle 24 and a file operation 26. When the file handle 24
is valid, the NFS service 20 executes the file operation
26 as a matter of course, without authenticating the NFS
client 12. When necessary, the NFS service 20 returns
an NFS response 28, providing the NFS client 12 with
either the requested file information or a message indi-
cating success or failure of the requested file operation
26. 

While the prior art NFS paradigm 10 provides re- 
source sharing across a network, it inherently creates a
potential for security risks within the network. As used
herein, security risks include unauthorized access to re-
sources found on an NFS server computer. In particular,
prior art NFS implementations only provide what is here-
in termed static client authentication mechanisms.

A static client authentication mechanism operates
only once with respect to a client's log in session: initially
when the client attempts to mount resources. In perhaps
the least secure situations the mount daemon 18 simply
verifies that the NFS client 12 is entitled to access by
comparing the NFS client 12 and the mount request with
the client's access status stored in a file generally called
sharetab (for share table). As will be appreciated, a cli-
ent's access status to a given file system 30 can be ei-
ther "no access", "ro" for read only access, or "rw" for
read and write access. When the client's access status
satisfies the mount request, the NFS client 12 receives 
a valid file handle 22 for use in subsequent NFS re- 
quests. 

Therefore, a static client authentication mechanism
can protect NFS servers from unauthorized NFS clients
lacking a valid file handle. However, even the more so-
phisticated static client authentication mechanism relies
on the assumption that clients having valid file handles
are authorized to access the server's file system corre-
sponding to the valid file handle. No protection is pro-
vided against attacking clients who have guessed or 
misappropriated valid file handles. 

Fig. 2 is a flow chart illustrating a security breach
50 of an NFS server 14 by an attacking client 12 having
a valid file handle 24. The breach 50 starts in a step 52.
At step 52 the attacking client has unauthorized posses-
sion of a valid file handle 24. The attacking client may
have guessed or misappropriated the valid file handle
24 by eavesdropping on the network. In a step 54 the
attacking client 14 makes an NFS request 22 including
the valid file handle 24. Because the current NFS 22 re-
quest includes the valid file handle 22, the NFS service
20 performs the requested file operation 26. Then, in
step 56, the attacking client receives back the desired
response and security of the server 14 is breached.

While the example of Fig. 2 focused on security 
risks posed by attacking clients, security problems exist 
even with respect to clients whose access status has 
changed subsequent to mounting the given file system
30. This is because, once an NFS client 12 has mounted
within the prior art NFS client/server paradigm 10, the
only way an NFS server 14 can enforce the client's new
access status to given file system 30 is to force the NFS
client 12 to unmount the given file system 30 and then
mount the given file system 30 again. 

Accordingly, what is needed is a dynamic NFS client
authentication mechanism which provides NFS client 
authentication upon every NFS request. Such a dynam- 
ic NFS client authentication mechanism should insure 
that only authorized clients are allowed to access a serv- 
er's file systems, regardless of whether the client's re- 
quest includes a valid file handle. In addition, the dy- 
namic NFS client authentication mechanism should en- 
able a server to dynamically alter a client's access status 
without altering a client's server connection status. 

SUMMARY OF THE INVENTION 

To achieve the foregoing and other objectives and 
in accordance with the purpose of the present invention, 
a variety of methods and apparatus are disclosed here- 
in. A first aspect of the present invention teaches a meth- 
od for providing dynamic network file system client au- 
thentication within a distributed file system computing 
environment. The method is implemented upon an NFS 
server computer system and includes the steps of re- 
ceiving a network file system request from an NFS cli- 
ent, determining whether the NFS client has an access 
status sufficient to perform the NFS request, and per- 
forming the NFS request when the NFS client has suf- 
ficient access status. According to some embodiments, 
the NFS request includes a file handle representing a 
given file system available on the server computer sys- 
tem and a file operation to be performed upon the given 
file system. 

In accordance with another aspect, an export infor- 
mation table is resident on the server computer system. 
An entry in the export information table for the given file 
system includes a read only bit and a read-write bit. The 
read only bit indicates global read only access status, 
while the read-write bit indicates global read and write 
access status. According to this aspect, the export in- 
formation table is searched to determine whether the 
NFS client has an access status sufficient to perform the 
NFS request. When the read only bit is set, the client's 
access status is set to read only. Similarly, when the 
read-write bit is set, the client's access status is set to 
read-write. Thus when the entry in the export informa-
tion table is determinative of the client's access status,
it is then directly determined from the client's access sta- 
tus whether the requested NFS operation can be per- 
formed. 

In a further related aspect, when the entry in the ex- 
port information table is not determinative of the client's 
access status (neither bit is set), a cache memory is 
searched for a specific export authentication cache en- 
try for the NFS client which corresponds to the given file 
system. When present, the specific export authentica- 
tion cache entry indicates the client's access status for 
the given file system thereby enabling direct determina- 
tion of whether the requested NFS operation can be per-
formed. When not present, the specific export authenti-
cation cache entry is first created. 

One embodiment of the present invention teaches 
a server computer for use in a NFS computing environ- 
ment, the server computer operable to provide dynamic
NFS client authentication. The server computer in-
cludes a CPU, a RAM accessible by the CPU, a ROM
accessible by the CPU, a network I/O port coupled with
the CPU, a mass storage device accessible by the CPU,
and a kernel implemented on the server computer. The
mass storage device is capable of storing a given file
system modifiable by clients of the server computer hav-
ing an access status of read-write for the given file sys-
tem, readable by clients of the server computer having
the access status of read only for the given file system,
and inaccessible to other clients. In addition, the server
computer implements a dynamic NFS client authentica-
tion service operable to receive an NFS request from an
NFS client and to authenticate the NFS client in relation
to the NFS request. The dynamic NFS client authenti-
cation service considers factors such as time, date, 
identity of the NFS client, a nature of the NFS request, 
and a current status of a resource upon which the NFS 
request operates. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention, together with further objectives and 
advantages thereof, may best be understood by refer- 
ence to the following description taken in conjunction
with the accompanying drawings in which: 

FIGURE 1 is a pictorial illustration of an NFS client/
server paradigm of the prior art;
FIGURE 2 is a flow chart showing a security breach
of an NFS server computer by an attacking NFS cli-
ent computer having a valid file handle;
FIGURE 3 is a pictorial illustration of various com-
puters linked together in a computer network;
FIGURE 4 illustrates diagrammatically the major
components of a computer in Fig. 3;
FIGURE 5 is a pictorial illustration of an NFS client/
server paradigm in accordance with one embodi-
ment of the present invention;
FIGURE 6 is a flow chart showing a process by
which an NFS server starts in accordance with an-
other embodiment of the present invention;
FIGURE 7 is a flow chart showing a method by
which an NFS client makes an NFS request for
which the NFS client is authorized, the method in
accordance with one aspect of the present inven-
tion;
FIGURE 8 is a flow chart showing a method by
which an NFS client makes an NFS request for
which the NFS client is not authorized, the method
in accordance with another aspect of the present
invention;
FIGURE 9 is a flow chart showing a method by
which an NFS server performs dynamic NFS client
authentication with regards to an NFS request in ac-
cordance with yet another aspect of the present in-
vention;
FIGURE 10 is a flow chart providing a more detailed
showing of step 436 of Fig. 9, the method of Fig. 10
in accordance with a further aspect of the present
invention;
FIGURE 11 is a flow chart showing one method for
performing that portion of dynamic NFS client au-
thentication which occurs in the NFS server's ker-
nel, the method in accordance with yet another as- 
pect of the present invention; 
FIGURE 12 is a flow chart showing a method for 
performing that portion of dynamic NFS client au- 
thentication which occurs external to the NFS serv- 
er's kernel, the method in accordance with a still fur- 
ther aspect of the present invention; and 
FIGURE 13 is a flow chart showing a method for 
temporarily modifying the access status of an NFS 
client with respect to a given file system on an NFS 
server, the method in accordance with one aspect 
of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

In a preferred embodiment of the present invention,
a distributed file system computing environment is im-
plemented on a server computer and one or more client
computers linked together by a network. The network
may take any suitable form. By way of example, a rep-
resentative network arrangement 100 is illustrated in
Fig. 3. The network arrangement 100 includes a first
computer 102 which is coupled to a transmission line
104. The network 100 further includes a router or the
like 106 in addition to other computers 108, 110, and
112 such that NFS requests and NFS replies can be
passed among the networked computers. As will be ap-
preciated, any of computers 102, 106, 108, 110, and 112
may be configured as an NFS server, an NFS client, or
both. The design, construction and implementation of
computer networks will be familiar to those of skill in the
art. 

A representative computer 130 suitable for use as
computers 102, 108, 110, and/or 112 of Fig. 3 is illus-
trated schematically in Fig. 4. Computer 130 includes a
central processing unit (CPU) 132 which is coupled with
random access memory (RAM) 134 and with read only
memory (ROM) 136. Typically, RAM 134 is used as a
"scratch pad" memory and includes programming in-
structions and data for processes currently operating on
CPU 132. ROM 136 typically includes basic operating
instructions and data used by the computer 130 to per-
form its functions. In addition, a mass storage device
138, such as a hard disk, CD ROM, magneto-optical
(floptical) drive, tape drive or the like, may be optionally
coupled with CPU 132.

The mass storage device 138 is optional for an NFS
client, but typically an essential element of an NFS serv-
er. This is because, in order to play a useful role, the
NFS server ought to maintain substantial file systems.
However, the methods and apparatus of the present in-
vention may be implemented upon a computer 130
which does not include a mass storage device 138. The
mass storage device 138 of an NFS server includes data
in the form of file systems potentially accessible by all
NFS clients on the network 100. In addition, the mass
storage device 138 often includes additional program-
ming instructions, data and objects that typically are not
in active use by the CPU 132, although the address
space may be accessed by the CPU 132, e.g., for virtual
memory or the like. 

Each of the above described computers includes a
network input/output source 140 which is coupled with
a network such as network 100. The network input/out-
put source may take any suitable form. Further, the
above described computers optionally include an ad-
ditional input/output source 142 such as a keyboard,
pointer devices (e.g., a mouse or stylus) and/or display
connections. It will be appreciated by those skilled in the
art that the above described hardware and software el-
ements, as well as the networking devices, are of stand-
ard design and construction, and will be well familiar to
those skilled in the art. 

Turning next to Fig. 5, an NFS client/server para-
digm 200 in accordance with one embodiment of the
present invention will now be described. The NFS client/
server paradigm 200 includes an NFS client 12 and an
NFS server 200. The NFS client 12 and the NFS server
200 may take any suitable form such as a computer 130.
The NFS client 12 and the NFS server 200 are typically
connected over a network such as network 100 and may
communicate via NFS requests and responses such as
NFS request 22 and an NFS response 28. In preferred
embodiments of the present invention, the NFS request
22 follows a format identical to that of the prior art NFS
client/server paradigm 10, having a file handle 24 and
a file operation 26. Therefore, preferred embodiments
of the present invention are backwards compatible with
prior art NFS paradigms. As will be appreciated, the file
handle 24 is an identifier or key to a given file system
30 provided to the NFS client 12 during an earlier suc-
cessful mount request. In general, the given file system
30 may represent any NFS resource available on the 
server computer. Example NFS resources include such 
resources as a file and a file system hierarchical struc- 
ture. 

Included in the NFS server 200 are a kernel 202, a
mount daemon 204, a dfstab file 206, and a share table
file 208. As will be appreciated by those familiar with the
NFS computing environment, the dfstab file 206 is a text
file listing both the resources that the NFS server 200 is
making available for sharing, the clients allowed to ac-
cess the shared resources, and the access status of
such clients. The share table file 208 is generated from
the dfstab file 206 and provides similar information, but
in a format more useful to the mount daemon 204.

As will be appreciated, the kernel 200 implements 
the more primitive functions of the server's operating 
system which in the NFS paradigm 200 includes an NFS 
service 220. As described below with reference to Figs. 
9-13, the NFS service 220 manages all NFS requests.
In order to enable such management, the NFS service
220 includes an export information table 222 and may 
include export authentication information such as an ex- 
port authentication cache 224 for a specific client stored 
in cache memory. The export information table 222 pro- 
vides information regarding the global access status to 
listed resources. That is, any access status provided in
the export information table 222 applies to all NFS cli- 
ents. 

According to one embodiment of the present inven- 
tion, the export information table 222 has entries such 
as entry 226 having a file system identifier 228, a read
only (ro) bit 230, and a read-write (rw) bit 232. The file 
system identifier 228 may take any suitable form such 
as a file path. The ro bit 230 is set when all clients have 
read only access status with regards to the resource 
represented by the file system identifier 228. Similarly, 
the rw bit 232 is set when all clients have read and write
access status with regards to the resource represented 
by the file system identifier 228. The ro bit 230 and the 
rw bit 232 are exclusive; only one of the two may be set. 
Of course, the ro bit 230 and the rw bit 232 may be im- 
plemented by another format representing equivalent
information. For example, the ro bit 230 may be an AS-
CII string wherein the value "TRUE" indicates that all
clients have read only access status. 

The export authentication cache 224 provides infor- 
mation regarding an access status of a specific client. 
In the embodiment of Fig. 5, the export authentication 
cache 224 has a client identifier 240, a file system iden-
tifier 242, and a client access status 244. By way of ex-
ample, the client identifier 240 may be a network source
address, the file system identifier 242 may be a file path
or other suitable identifier, and the client access status
244 may be a parameter indicating one of no access, 
read only access, or read and write access. As will be 
appreciated, the client access status 244 indicates the 
access status of the NFS client 12 with respect to the 
resources identified by the file system identifier 242.

In the embodiment of Fig. 5, the mount daemon 204 
includes a mount service 250 and an NFS authentica- 
tion service 252. As will be appreciated, a daemon is an 
autonomous process. In essence, a process within a 
computer has at least one thread of execution as well 
as exclusively allocated memory. The mount service 
250 autonomously answers file system mount requests, 
making available those file systems which the NFS serv- 
er 200 is willing to share. When the NFS client 12 at- 
tempts to mount a given file system 30, the mount serv- 
ice 250 authenticates that the NFS client 12 is entitled
to access the given file system 30 and, if so, returns a
file handle 24 corresponding to the particular file system.
As will be appreciated, the mount service 250 essential-
ly implements the functionality of the mount daemon 18 
of the prior art. 

The NFS server 200 also includes a dynamic NFS
client authentication service 270. In embodiments such
as that of Fig. 5, the dynamic NFS client authentication
service 270 includes the NFS service 220 and the NFS
authentication service 252. According to the present in-
vention, for each NFS request 22, the dynamic NFS cli-
ent authentication service authenticates the requesting
NFS client 12. The steps involved in authenticating the
NFS client 12 may include the following.

Initially an NFS request 22 including a file handle
24 and a file operation 26 is received. Then, a client's
access status for a given file system 30 indicated by the
file handle 24 is determined. The criteria for determining
the client's access status may vary, but a fundamental
criterion is the client's access status for the given file
system 30 as provided in the share table file 208. How-
ever, this information may also be provided (directly or
indirectly) in the export information table 222 or as an
entry in the cache 224; in which case, the share table
file 208 need not be consulted. Beyond this fundamental
criterion, the client's access status may be further limit-
ed or expanded by other parameters.

For example, in some embodiments it may be de-
sirable to limit access to certain resources during peak
usage periods. A commercial on-line service may im-
pose a hierarchy in its membership structure. The low-
est level members would only have access to high de-
mand resources during non-peak usage periods. In con-
trast, the highest level members' access would never be
limited. Another criterion which would be suitable for
controlling access would be a current status of the given
file system 30. For example, if the given file system 30
was currently off line, it may be desirable to limit access
even though the NFS server 200 originally intended to
share the file system 30. Accordingly, such information
would be utilized by the dynamic NFS client authentica-
tion service 270 when authenticating the NFS client 12.

In any event, once the client's access status for the
given file system is determined as one of no access,
read only access, or read-write access, the authentica-
tion process continues by determining the nature of the
file operation 26. For example, the file operation may be
a read or write operation. Then, the client's access sta-
tus is compared with the nature of the file operation 26
in order to determine if the file operation 26 should be
executed. For example, if the file operation 26 requires
modifying the given file system 30 but the client's access
status is read only access, then the file operation 26 is 
unauthorized and will not be executed. 

As seen in Fig. 5, preferred embodiments of the dy-
namic NFS client authenticating service 270 are imple-
mented by multiple components. One rationale for pro-
viding only a portion (the NFS service 220) of the dy-
namic NFS client authenticating service 270 within the
kernel is as follows. The kernel 200 is typically imple-
mented in precious (in terms of cost and availability) ran-
dom access memory such as RAM 134. As will be ap-
preciated, the most time efficient response would arise
from implementing the entire dynamic NFS client au-
thenticating service 270 within the kernel. However, the
costs of utilizing RAM 134 for the NFS service 220 must
be balanced with the need for conserving RAM 134 for 
other software running on the NFS server 200. 

In essence, the NFS service 220 ought to provide 
a minimal dynamic NFS client authentication. This in- 
cludes the capability to (a) authenticate an NFS client 
12 when the client's access status for a given file system
30 has been determined in a previous NFS request 22,
(b) authenticate the NFS client 12 when the NFS server
200 provides read only access to all NFS clients for the
given file system 30 and the file operation 26 does not
require modifying the given file system 30, (c) authenti-
cate the NFS client 12 when the NFS server 200 pro-
vides read-write access to all NFS clients for the given
file system 30, and (d) make a dynamic authentication
request to a resource external to the kernel 200 when
none of the necessary conditions in (a)-(c) are met.
Thus, the NFS authentication service 252 must be able
to receive, perform, and reply to dynamic NFS client au-
thentication requests sent from the NFS service 220.
One suitable embodiment for separating the functional-
ity of the dynamic NFS client authentication service 270
is described below in more detail with reference to Figs.
10-13. 

Also shown in Fig. 5 is a network name service 260. 
As will be appreciated by those skilled in the art, a net-
work name service 260 provides information about com-
puters connected to the network 100. Of particular rel-
evance to the present invention, the network name serv- 
ice 270 is operable to convert the NFS client 12's net- 
work source address into a hostname. This may be nec- 
essary since the typical share table file 208 is organized 
by hostnames, while the typical NFS request 22 only in- 
dicates the NFS client 12's network source address. 
This will be discussed below in more detail with refer-
ence to Fig. 12. 

Turning next to Fig. 6, an initialization method 298 for
an NFS server 200 in accordance with one embodiment 
of the present invention will now be described. The ini- 
tialization method 298 begins in a step 300 by starting 
the NFS server 200. A number of steps not directly re- 
lated to the present invention must be performed in or- 
der to bring the NFS server 200 into an operating state. 
However, these are well understood by those of skill in 
the art and, hence, no description is provided herein. A 
next step 302 processes the dfstab file 206 creating the 
share table file 208 and, internal to the kernel 202, the
export info table 222. 

After the dfstab file 206 has been processed, a step 
304 starts the mount service 250 within the mount dae- 
mon 204. Then, a step 306 starts the NFS authentication 
service 252 within the mount daemon 204. These steps 
304 and 306 may be performed in reverse order. Fur-
ther, as will be appreciated, other embodiments of the
present invention may suitably implement the mount
service 250 and the NFS authentication service 252
within separate processes or within the kernel 202.
Then, a step 308 starts the NFS service 220 within the
kernel 202. Once the NFS service 220 is started, in a 
step 310 the NFS server 200 is ready to process NFS 
mount and file access requests. 

With reference to Fig. 7, an authentic client re-
sponse method 400 in accordance with one embodi-
ment of the present invention will now be described. The
method 400 begins in a step 402 where any required
initialization procedures are performed. If not yet per-
formed, the initialization procedures include those de-
scribed above with reference to Fig. 6. Next, in a step
404, an NFS client 12 makes an NFS request 22 having
a file handle 24 and a file operation 26. As will be ap-
preciated, valid NFS requests include file operations
such as read, delete, and modify. In response to the NFS
request 22 (and in contrast to the prior art), the NFS
server 200 will dynamically authenticate the NFS client
12. That is, the NFS server 200 will determine whether
the NFS client 12 has the required access status to per-
form the file operation 26 upon a given file system 30
identified by the file handle 24. One suitable method for
the NFS server 200 to dynamically authenticate the NFS
client 12 is described below with reference to Fig. 9. In
Fig. 7 the NFS client 12 is authenticated and thus the
NFS server 200 implements the file operation 26. Ac-
cordingly, in a step 406, the NFS client 12 receives back
a desired response 28. 

Now, turning to Fig. 8, an unauthenticated client re-
sponse method 410 in accordance with another aspect
of the present invention will be described. The method
410 is initiated in step 412 and in a step 414 an NFS
client 12 makes an NFS request 22 including a valid file
handle 24 and a file operation 26. However (in contrast
to the prior art), the NFS server 200 dynamically deter-
mines that the NFS client 12 does not have the access
status required to perform the requested file operation
26. One suitable method for the NFS server 200 to dy-
namically authenticate the NFS client 12 is described
below with reference to Fig. 9. Accordingly, the NFS
server 200 does not perform the requested file operation
26. Instead of receiving the desired response, in a step
416 the NFS client 12 receives an error indication. 
Hence the NFS server 200's security is not breached. 

With reference to Fig. 9, a method 430 for perform- 
ing dynamic NFS client authentication in accordance 
with one aspect of the present invention is now de-
scribed. The method 430 begins in a step 432 which in- 
cludes any required initialization processes. As will be 
appreciated, these include network initialization as well 
as starting a mount daemon 204 and an NFS service 
220. Of course, in general these initialization processes
need only be done once and subsequent instances of 
the method 430 would not include such steps. 

In a next step 434, the NFS server 200 receives an 
NFS request 22 from an NFS client 12. As described
above with reference to Fig. 5, the NFS request 22 in- 
cludes a file handle 24 and a file operation 26. As will 
be appreciated, the file handle 24, if valid, represents a 
given file system 30 present on the NFS server 200. The 
file operation 26 is an operation which may be per- 
formed on the given file system 30. In response to the 
request 22, in a step 434 the NFS server 200 compares 
the client's access status with the access status re- 
quired to perform the file operation 26 and responds ac- 
cordingly. For example, if the client had read only access 
status and the file operation 26 required modifying the 
given file system 30, the NFS server 200 could respond 
with an error message informing the NFS client 12 that 
the required write access status was lacking. The NFS 
server 200 could also respond by indicating that the re- 
quested command could not be performed at this time. 

In some implementations, the NFS server 200 may 
respond to inauthentic NFS clients with more severe se- 
curity measures. By way of example, the NFS server
200 may record in a file and/or on a system terminal that
an unauthenticated NFS request 22 was received from 
NFS client 12. Depending upon the circumstances, the 
NFS server 200 may determine that the NFS client 12 
is attacking and preclude the NFS server 12 from mak- 
ing further NFS requests. One embodiment of step 436 
will be described below in more detail with reference to 
Fig. 10. 

Turning next to Fig. 10, a method for performing 
step 436 of Fig. 9 in accordance with one embodiment 
of the present invention will now be described. The 
method begins in step 452 where the NFS service 220 
receives and begins responding to the NFS request 22 
which the NFS server 200 received in step 434 of Fig. 
9. As described above in reference to Fig. 5, the NFS 
service 220 is implemented within the kernel 202 of the
NFS server 200. As will be appreciated, if the format of 
the NFS request 22 is not suitable for use by the NFS 
service 220, step 452 may include processing the NFS 
request 22 to make it suitable for use by the NFS service 
220. In general, this processing is done external to the 
kernel 202. By way of example, data is often marshaled 
into a format suitable for network transmission, then
transmitted over the network. Thus upon receipt of the 
NFS request, it may be necessary to unmarshal the NFS 
request 22 prior to utilization by the NFS service 220. 
However, the network format may be suitable for utilization
by the NFS service 220. Of course, these are application
specific details which will be familiar to those
skilled in the art. 

Once the NFS service 220 has a suitably formatted 
NFS request 22, a search step 454 searches in the ex- 
port information table 222 for the given file system 30. 
According to the embodiment described above with ref- 
erence to Fig. 5, the export information table 222 has 
entries such as entry 226 having a file system identifier 
228, a read only (ro) bit 230, and a read-write (rw) bit 
232. In preferred embodiments, the file system identifier
228 is in a format identical to the format of the file handle
24. Thus search step 454 utilizes the file handle 24 as 
a key to locate the given file system 30 in export infor- 
mation table 222. 

Once the export information table 222 has been
searched in step 454, a step 456 determines whether
the given file system 30 was found in the export information
table 222. The given file system 30 is only
present in the export information table 222 when the
NFS server 200 is making the given file system 30 accessible
for sharing. When the given file system 30 is
not found in search step 454, control is passed to a step
458 which returns an error message to the NFS client
12. In some embodiments of the present invention, additional
or different security measures may be performed.
As described above with reference to Fig. 9,
these include logging a message on the system terminal,
maintaining a file record of unauthenticated client
requests, and/or precluding operation of future NFS requests
by the NFS client 12.

When search step 454 successfully finds the given
file system 30, control is passed from determination step
456 to a step 460. Step 460 calls a subroutine NFS
AUTH in order to determine the client's access status.
The parameters for the call of step 460 include the client's
network source address and the information from
the export information table entry 226 corresponding to
the given file system 30 (found in step 454). The client's
network source address is a numerical identifier of the
NFS client 12's network address. For example, if the
network is operating under the well known TCP/IP network
protocol, then the client's network source address
will be the client's Internet protocol (IP) address. One
suitable embodiment of subroutine NFS AUTH will be
described in detail below with reference to Fig. 11. As
will be familiar to those skilled in the art, a subroutine is
a portion of computer code which performs a process
required at multiple points of execution within the computer
code. By implementing such a process via a subroutine,
redundancy in the computer code is minimized.
However, other suitable embodiments of the present invention
may well implement redundant code rather than
making calls to a subroutine NFS AUTH.

In any event, in response to the call of step 460, the
NFS service 220 receives the client's access status from
the subroutine NFS AUTH. As will be appreciated, the
client's access status will be one of read only (ro) access,
read and write (rw) access, or no access. Control
is then passed to a step 464 which determines whether
the client's access status is equal to no access. If so,
control is passed from step 464 to a step 466 which returns
an error message to the NFS client 12. As will be
appreciated, other embodiments may perform additional
security measures. When the client's access status
is something other than no access, control is instead
passed to a step 468 which determines whether the requested
file operation 26 requires a modification to the
given file system 30. When the requested file operation
26 does not require a modification, then in a step 470
the NFS client 12 is provided ro access status and the
requested file operation 26 is performed. As will be appreciated,
in the case when the requested file operation
26 does not require a modification and the NFS client
12 has an access status other than no access, it is sufficient
in step 470 to provide merely ro access status to
perform the requested file operation 26.

However, when step 468 determines that the re- 
quested file operation 26 requires a modification to the 
given file system 30, control is passed to a step 472 
where the subroutine NFS AUTH is called (again) with 
the client's network source address and the information 
from the export information table entry 226 as parame- 
ters. This is necessary because, according to the em- 
bodiment of Fig. 10, the client's access status is not 
saved from step 464 to step 472. This is done in order 
to minimize use of the kernel 202's memory space. However,
in other embodiments, kernel 202 could maintain
a copy of the client's access status in which case step 
472 could be skipped. In any event, a next step 474 de- 
termines whether the client's access status is equal to 
ro access. When the client's access status is ro access, 
then the NFS client 12 is not authorized to perform the 
requested file operation 26 because it has been determined,
in step 468, to require a modification to the given
file system 30. Accordingly, control is passed to a step 
476 which returns an error message to the NFS client 
12. Of course, step 476 may implement other appropri- 
ate security measures including those described above 
with reference to step 458. When step 474 determines 
that the client's access status is not equal to ro, then the 
client's access status is rw. Thus, a next step 478 provides
the NFS client 12 with ro access and performs the
requested file operation 26 on the given file system 30. 

As will be appreciated, the control flow of the meth- 
od 10 could be rearranged in a variety of ways, each 
suitable to determine whether the client's access status 
for the given file system 30 satisfied the access required 
for the requested file operation 26. 

Turning now to Fig. 11, a method 500 for the sub- 
routine NFS AUTH to respond to a call requesting the 
access status of an NFS client 12 in accordance with 
one aspect of the present invention will now be described.
As will be appreciated, the method 500 may be
incorporated into an NFS service 220 which does not 
utilize subroutines in order to determine the access sta- 
tus of the NFS client 12. In any event, the method 500 
begins in a step 502 which performs any required initial- 
ization processes. Then in a step 504 a request for ac- 
cess status having the NFS client 12's information and 
the file system identifier 228 as parameters is received. 
A next step 506 determines if the ro bit 230 is set. If so,
control is passed to a step 508 which returns an access 
status of ro for the NFS client 12. Otherwise, a step 514 
determines if the rw bit 232 is set and, if so, control is 
passed to a step 516 which returns an access status of 
rw for the NFS client 12.



When neither the ro bit 230 nor the rw bit 232 is set
for the given file system 30, then a step 520 determines
whether the client's source network address is found
within an export authentication cache 224. As described
above with respect to the embodiment of Fig. 5, each
export authentication cache such as export authentication
cache 224 is stored in the kernel 202's cache memory
and provides information regarding an access status
of a specific NFS client. In the embodiment of Fig. 11,
each export authentication cache 224 includes a source
network address 240, a file system identifier 242, and a
client access status 244. As will be understood, the client
access status 244 indicates the access status of the
NFS client 12 with respect to the resources identified by
the file system identifier 242.

When step 520 matches the client's source network
address with the source network address 240 in a particular
export authentication cache 224, a step 522 returns
the value in the corresponding client access status
224 directly and the method 500 is done at step 530.
Step 530 then passes control back to the main code of
the NFS server 220. In the case where the export authentication
cache 224 corresponding to both the given
file system 30 and the NFS client 12 is not yet created,
control is passed to a step 524. In step 524, the NFS
AUTH subroutine calls the NFS authentication service
252, passing the client's network source address and
the file handle 24 as parameters. As described above
with reference to Fig. 5, in preferred embodiments the
NFS authentication service 252 is resident in the mount
daemon 204. However, in other suitable embodiments
the NFS authentication service 252 could be residing in
a separate process, even the kernel 202.

In response to the call of step 524, the NFS AUTH
subroutine receives the client's access status with respect
to the given file system 30 in a step 526. Then, in
a step 528, the NFS AUTH subroutine creates a corresponding
entry of export authentication cache 224. Because
of this, subsequent queries as to the NFS client
12's access status can be answered directly from the
cache memory 224 in the kernel 202. Once the authentication
cache 224 is created, control passes to step 522
which returns the NFS client 12's access status directly
from cache. Then, in step 530, subroutine NFS AUTH
is complete and process control is passed back to the
main code of the NFS server 220.

Turning now to Fig. 12, a method 550 for an NFS
authentication service 252 to determine an NFS client
12's access status to a given file system 30 in accordance
with yet another aspect of the present invention
will be described. As described above with reference to
Fig. 5, the NFS authentication service 252 resides outside
the kernel 202 and within the mount daemon 204.
This is done merely as a sound computer programming
practice. However, in other embodiments of the present
invention, the NFS authentication service 252 could reside
in a separate process or even within the kernel. This
is primarily an application specific detail which may be
decided upon implementation of the present invention.
The method 550 starts in a step 552 where any necessary
initialization processes are performed. Then in a
step 554, the NFS authentication service 252 receives
a request from the kernel to determine the NFS client
12's access status. A next step 556 searches the share
table file 208 to determine if the given file system 30 has
an entry therein. If the given file system 30 does not have
an entry, then control passes to a step 558 which returns
an access status of no access to the kernel 202. In some
embodiments, a record may be logged of this inconsistency
in a file and/or on the system terminal. Once step
558 is done, control is passed to a step 568 where the
current instance of the method 550 is complete.

When the given file system 30 does have an entry
in the share table file 208, a step 560 calls a network
name service 270 to determine the hostname corresponding
to the network source address of the NFS client
12. As described above with reference to Fig. 5, the
network name service 270 performs network services
such as providing a hostname corresponding to a given
network source address. Because, in general, the share
table file 208 identifies NFS clients by hostnames rather
than network source addresses, step 560 is required to
enable searching the share table file 208. However, in
embodiments where the share table file 208 identifies
NFS clients by their network source addresses, step 560
would be unnecessary. In response to step 560, a step
562 receives the hostname associated with the NFS client
12. Then a step 564 searches the share table file
208 to determine the access status of the NFS client 12
for the given file system 30 using the hostname associated
with the NFS client 12. As will be appreciated,
when an access status is not found for the given file system
30, it merely indicates that the NFS client 12 has a
status of no access. Once the access status for the NFS
client 12 is determined, a step 566 returns the access
status to the kernel 202.

In the embodiment of Fig. 12, the NFS authentication
service 252 determined the access status of the
NFS client 12 according to the share table file 208. However,
in accordance with other embodiments of the
present invention, an NFS authentication service 252
can utilize additional resources and/or strategies in determining
whether the NFS client 12 is entitled to access
a particular file system 30. For example, an NFS server
200 may limit access to certain resources during peak
use periods, allowing only a select group or a finite
number of clients access during such times. This could
be implemented by providing the NFS authentication
server 252 the current time and a table of clients authorized
for certain resources during the peak periods.

With reference to Fig. 13, a method 600 for temporarily
modifying the access status of an NFS client 12 in
accordance with one aspect of the present invention will
be described. In addition to providing dynamic NFS client
authentication, the teaching of the present invention
enables modification of the access status of an NFS client
12 after the NFS client 12 mounts a given file system
30. A step 602 begins the temporary modification which
is typically initiated and performed by a system administrator
of an NFS server 200. In a step 604, a share
table file 208 is modified in accordance with the desired
changes in access status for NFS clients. Then a step
606 replaces corresponding entries in an export information
table 222 to represent the modified access status.
Step 606 also includes purging of the cache 224
entries. The method 600 is then complete in step 608.
As will be appreciated, a proper combination of NFS
share commands 610 will implement the steps 604 and
606.

The method 600 of Fig. 13 can be adapted to per- 
manently modify the access status of the NFS client 12 
by performing modifications equivalent to those made 
to the share table file 208 on the dfstab file 206. If such 
modifications are performed, then upon initialization of 
the NFS server 200, these changes will automatically
become part of the share table file 208 and the export 
information table 222, as described above with reference
to Fig. 6.
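
The decision flow of Figs. 10 to 13 can be followed end to end in a small model. This is an added example, not code from the patent: the class and method names, the host names and the addresses are assumptions constructed for illustration, and it shows why step 606 purges the export authentication cache 224 when access is reduced.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    NONE = "no access"
    RO = "ro"
    RW = "rw"


@dataclass
class ExportEntry:
    """Entry 226 of the export information table 222."""
    ro: bool = False  # ro bit 230: every client gets read only access
    rw: bool = False  # rw bit 232: every client gets read-write access


class NfsServer:
    """Toy model of NFS server 200; all names here are assumptions."""

    def __init__(self, share_table, name_service):
        # Share table file 208: fs id -> Access (global) or {hostname: Access}.
        self.share_table = dict(share_table)
        self.name_service = name_service  # name service 270: address -> hostname
        # Export information table 222, keyed by the file system identifier.
        self.exports = {fs: self._entry(acl) for fs, acl in self.share_table.items()}
        self.cache = {}        # export authentication cache 224: (address, fs) -> Access
        self.daemon_calls = 0  # trips out of the kernel to the mount daemon
        self.refused = []      # file record of refused requests

    @staticmethod
    def _entry(acl):
        return ExportEntry(ro=acl is Access.RO, rw=acl is Access.RW)

    def auth_service(self, addr, fs):
        """Fig. 12: share table lookup by hostname, outside the kernel."""
        self.daemon_calls += 1
        acl = self.share_table.get(fs)
        if acl is None:                       # step 558
            return Access.NONE
        if isinstance(acl, Access):           # globally shared file system
            return acl
        host = self.name_service.get(addr)    # steps 560-562
        return acl.get(host, Access.NONE)     # steps 564-566

    def nfs_auth(self, addr, fs):
        """Fig. 11: global bits, then cache 224, then the daemon."""
        entry = self.exports[fs]
        if entry.ro:                          # steps 506-508
            return Access.RO
        if entry.rw:                          # steps 514-516
            return Access.RW
        key = (addr, fs)
        if key not in self.cache:             # steps 520, 524-528
            self.cache[key] = self.auth_service(addr, fs)
        return self.cache[key]                # step 522

    def handle(self, addr, fs, modifies):
        """Fig. 10: True when the requested file operation is performed."""
        if fs not in self.exports:                    # steps 454-458
            return self._refuse(addr, fs, "not exported")
        if self.nfs_auth(addr, fs) is Access.NONE:    # steps 460-466
            return self._refuse(addr, fs, "no access")
        if not modifies:                              # steps 468-470
            return True
        if self.nfs_auth(addr, fs) is Access.RO:      # steps 472-476
            return self._refuse(addr, fs, "modification needs rw")
        return True                                   # step 478

    def _refuse(self, addr, fs, reason):
        self.refused.append((addr, fs, reason))
        return False

    def reshare(self, fs, acl, purge=True):
        """Fig. 13: change access after mount; step 606 purges cache 224."""
        self.share_table[fs] = acl                    # step 604
        self.exports[fs] = self._entry(acl)           # step 606
        if purge:
            self.cache = {k: v for k, v in self.cache.items() if k[1] != fs}


FS = "/export/src"                                            # constructed
NAMES = {"192.0.2.10": "build01", "192.0.2.11": "kiosk07"}    # constructed


def demo():
    acl = {"build01": Access.RW, "kiosk07": Access.RO}
    srv, stale, out = NfsServer({FS: acl}, NAMES), NfsServer({FS: acl}, NAMES), {}
    out["rw_write"] = srv.handle("192.0.2.10", FS, modifies=True)
    out["ro_write"] = srv.handle("192.0.2.11", FS, modifies=True)
    out["ro_read"] = srv.handle("192.0.2.11", FS, modifies=False)
    out["unknown_host"] = srv.handle("198.51.100.5", FS, modifies=False)
    out["not_exported"] = srv.handle("192.0.2.10", "/export/hr", modifies=False)
    out["daemon_calls"] = srv.daemon_calls   # one per client, rest from cache
    downgraded = {"build01": Access.RO, "kiosk07": Access.RO}
    srv.reshare(FS, downgraded)              # purge=True, as in step 606
    out["write_after_purge"] = srv.handle("192.0.2.10", FS, modifies=True)
    stale.handle("192.0.2.10", FS, modifies=True)   # caches rw for build01
    stale.reshare(FS, downgraded, purge=False)      # purge skipped
    out["write_with_stale_cache"] = stale.handle("192.0.2.10", FS, modifies=True)
    return out
```

With the purge skipped, the cached read-write status keeps answering for the downgraded client, so a change made only to the share table file and the export information table does not take effect for clients that already have a cache entry.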

Although only one embodiment of the present in- 
vention has been described, it should be understood 
that the present invention may be embodied in many 
other specific forms without departing from the spirit or 
scope of the invention. For example, the concepts described
herein are equally applicable within a variety of
distributed file system computing environments. Therefore,
the described embodiments should be taken as illustrative
and not restrictive, and the invention should
be defined by the following claims and their full scope 
of equivalents. 



Claims 

1. A method implemented on a server computer sys- 
tem for providing dynamic client authentication in a 
distributed file system computing environment, the 
method comprising the computer controlled steps 
of: 

receiving an NFS request from an NFS client,
the NFS request including a file handle representing
a given file system available on the
server computer system and a file operation to
be performed upon the given file system, the
given file system modifiable by clients of the
server computer having a corresponding access
status of read-write with respect to the given
file system, readable by clients of the server
computer having the corresponding access
status of read only with respect to the given file
system, and inaccessible to all other clients of
the server computer;

dynamically determining whether the NFS client
has an access status sufficient to perform
the NFS request; and

performing the NFS request when the NFS client
has sufficient access status.

2. A method as recited in claim 1 wherein the step of 
determining whether the NFS client has the access 
status sufficient to perform the NFS request includes
the substeps of:

searching an export information table resident
on the server computer system to determine
whether the given file system has an entry
therein; and

returning an error indication to the NFS client 
when the file system is not found in the export 
information table. 

3. A method as recited in claim 2 wherein when the 
export information table has an entry for the given 
file system, the entry including a read only bit which 
when set indicates global read only access to the 
given file system and a read-write bit which when 
set indicates global read and write access to the giv- 
en file system, the read only bit and the read-write 
bit being exclusive, the step of determining whether 
the NFS client has an access status sufficient to 
perform the NFS request further including the substeps
of:

when the read only bit is set, setting the client's 
access status to read only; and 

when the read-write bit is set, setting the client's 
access status to read-write. 

4. A method as recited in claim 3 wherein when the
client's access status is one of read only and read- 
write and the file operation does not require a mod- 
ification of the given file system, the client's access 
status is sufficient to perform the NFS request. 

5. A method as recited in claim 3 wherein when the
client's access status is read only and the file oper- 
ation requires a modification of the given file sys- 
tem, the client's access status is not sufficient to 
perform the NFS request. 

6. A method as recited in claim 3 wherein when the
client's access status is read-write, the client's access
status is sufficient to perform the NFS request.

7. A method as recited in claim 3 wherein when neither
the read only bit nor the read-write bit is set, the
method further includes the steps of: 



searching a cache memory resident on the 
server computer system to find a specific export 
authentication cache entry for the NFS client 
which corresponds to the given file system, the 
specific export authentication cache entry, 
when it exists, indicating the client's access sta- 
tus to the given file system; and 

when the specific export authentication cache 
entry does not exist, creating the specific export 
authentication. 

8. A method as recited in claim 7 further including the
steps of: 

setting the client's access status to that indicat- 
ed by the specific export authentication cache; 

when the client's access status is one of read 
only and read-write and the file operation does 
not require a modification of the given file sys- 
tem, determining that the client's access status 
is sufficient to perform the NFS request; 

when the client's access status is read only and 
the file operation requires a modification of the
given file system, determining that the client's 
access status is not sufficient to perform the 
NFS request; and 

when the client's access status is read-write,
determining that the client's access status is 
sufficient to perform the NFS request. 

9. A method as recited in claim 7 wherein the step of
creating the specific export authentication includes 
the substeps of: 

searching a share table file resident on the 
server computer system to find a share entry 
for the given file system; 

setting the client's access status to no access 
when the share entry for the given file system 
is not found in the share table file; 

determining the client's access status from the 
share entry for the given file system when the 
share entry is found in the share table file; and 

setting the client's access status according to 
the share entry for the given file system when 
the share entry is found in the share table file. 

10. A method as recited in claim 9 wherein access status
information is stored in the share table file according
to client network names and the substep of
determining the client's access status from the
share entry for the given file system includes calling
a network name service available within the NFS 
computing environment in order to ascertain a net- 
work name for the NFS client. 

11. A method as recited in claim 9 wherein the client's
access status can be dynamically modified, without
necessitating the NFS client to dismount, by modifying
both the share table file and the export information
table to indicate the client's modified access
status.

12. A method as recited in claim 1 wherein the given 
file system is a resource available on the server 
computer, the resource being selected from the 
group including a file and a file system hierarchical 
structure. 

13. A method as recited in claim 1 wherein the step of 
determining whether the NFS client has the access
status sufficient to perform the NFS request in- 
cludes consideration of at least one of time, date, 
identity of the NFS client, a nature of the NFS re- 
quest, and a current status of a resource which the 
NFS request operates upon.

14. A computer readable medium containing a computer
program for providing dynamic client authentication
to a server computer operating in a distributed
file system computing environment, the computer
program comprising computer executable instructions
for

receiving an NFS request from an NFS client,
the NFS request including a file handle representing
a given file system available on the
server computer system and a file operation to
be performed upon the given file system, the
given file system modifiable by clients of the
server computer having a corresponding access
status of read-write with respect to the given
file system, readable by clients of the server
computer having the corresponding access
status of read only with respect to the given file
system, and inaccessible to all other clients of
the server computer;

dynamically determining whether the NFS client
has an access status sufficient to perform
the NFS request; and

performing the NFS request when the NFS client
has sufficient access status.

15. A computer readable medium as recited in claim 14
wherein the computer executable instruction of determining
whether the NFS client has the access
status sufficient to perform the NFS request includes
subinstructions for:

searching an export information table resident
on the server computer system to determine
whether the given file system has an entry
therein; and

returning an error message to the NFS client
when the file system is not found in the export
information table.

16. A computer readable medium as recited in claim 15
wherein the export information table has an entry
for the given file system, the entry including a read
only bit which when set indicates global read only
access to the given file system and a read-write bit
which when set indicates global read and write access
to the given file system, the read only bit and
the read-write bit being exclusive, and the computer
program instruction for determining whether the
NFS client has an access status sufficient to perform
the NFS request further includes the computer
executable subinstructions of:

setting the client's access status to read only
when the read only bit is set; and

setting the client's access status to read-write
when the read-write bit is set.

17. A computer readable medium as recited in claim 16
further including computer executable instructions
such that when the client's access status is one of
read only and read-write and the file operation does
not require a modification of the given file system,
the client's access status is sufficient to perform the
NFS request.

18. A computer readable medium as recited in claim 16
further including computer executable instructions
such that when the client's access status is read only
and the file operation requires a modification of
the given file system, the client's access status is
not sufficient to perform the NFS request.

19. A computer readable medium as recited in claim 16
further including computer executable instructions
such that when the client's access status is read-write,
the client's access status is sufficient to perform
the NFS request.

20. A computer readable medium as recited in claim 16
further including computer executable instructions
such that when neither the read only bit nor the
read-write bit is set, the computer program further
executes the computer instructions for:

searching a cache memory resident on the
server computer system to find a specific export
authentication cache entry for the NFS client
which corresponds to the given file system, the
specific export authentication cache entry,
when it exists, indicating the client's access status
to the given file system; and

when the specific export authentication cache
entry does not exist, creating the specific export
authentication.

21. A computer readable medium as recited in claim 7
further including computer program instructions for:

setting the client's access status to that indicated
by the specific export authentication cache;

when the client's access status is one of read
only and read-write and the file operation does
not require a modification of the given file system,
determining that the client's access status
is sufficient to perform the NFS request;

when the client's access status is read only and
the file operation requires a modification of the
given file system, determining that the client's
access status is not sufficient to perform the
NFS request; and

when the client's access status is read-write,
determining that the client's access status is
sufficient to perform the NFS request.

22. A computer readable medium as recited in claim 20
wherein the computer program instruction for creating
the specific export authentication includes the
computer executable subinstructions for:

searching a share table file resident on the
server computer system to find a share entry
for the given file system;

setting the client's access status to no access
when the share entry for the given file system
is not found in the share table file;

determining the client's access status from the
share entry for the given file system when the
share entry is found in the share table file; and

setting the client's access status according to
the share entry for the given file system when
the share entry is found in the share table file.

23. A computer readable medium as recited in claim 14
wherein the given file system is a resource available
on the server computer, the resource being selected
from the group including a file and a file system
hierarchical structure.

24. A computer readable medium as recited in claim 14
wherein the computer program instruction for determining
whether the NFS client has the access status
sufficient to perform the NFS request considers
at least one of time, date, identity of the NFS client,
a nature of the NFS request, and a current status
of a resource which the NFS request operates upon.



25. A server computer for use in a distributed file system
computing environment, the server computer
operable to provide dynamic NFS client authentication,
the server computer comprising:

a central processing unit (CPU);

a random access memory accessible by the
CPU;

a read only memory accessible by the CPU;

a network input/output port coupled with the
CPU;

a mass storage device accessible by the CPU,
the mass storage device capable of storing a
given file system modifiable by clients of the
server computer having an access status of
read-write with respect to the given file system,
readable by clients of the server computer having
the access status of read only with respect
to the given file system, and inaccessible to all
other clients of the server computer;

a kernel implemented on the server computer,
the kernel implementing primitive functions of
an operating system for the server computer;
and

a dynamic NFS client authentication service
operable to receive an NFS request from an
NFS client and to dynamically authenticate the
NFS client in relation to the NFS request, the
dynamic NFS client authentication service considering
at least one of time, date, identity of
the NFS client, a nature of the NFS request, and
a current status of a resource which the NFS
request operates upon.

26. A server computer as recited in claim 25 wherein
the dynamic NFS client authentication service includes:

an NFS service implemented within the kernel,
the NFS service operable to receive the NFS
request from the NFS client, the NFS request
including a file handle identifying the given file
system and a file operation to be performed on
the given file system, the client's access status
for the given file system being one of no access,
read only access, and read-write access, the
NFS service also operable to (a) authenticate
the NFS client when the client's access status
for the given file system has been determined
in a previous NFS request, (b) authenticate the
NFS client when the server computer provides
read only access to all NFS clients for the given
file system and the file operation does not require
modifying the given file system, (c) authenticate
the NFS client when the server computer
provides read-write access to all NFS clients
for the given file system, and (d) make a
dynamic authentication request to a resource
external to the kernel when none of the necessary
conditions in (a)-(c) are met; and

an NFS authentication service implemented on
the server computer system and external to the
kernel, the NFS authentication service being
operable to receive, perform, and reply to dynamic
NFS client authentication requests sent
from the NFS service.



27. A server computer as recited in claim 26 wherein
the kernel includes:

an export information table resident in the kernel,
the export information table having entries
for a plurality of file systems available on the
server computer, each entry being identical in
format, an entry for a specific file system including
a read only bit which when set indicates global
read only access to the specific file system
and a read-write bit which when set indicates
global read and write access to the specific file
system, the read only bit and the read-write bit
being exclusive; and

a cache memory for storing a plurality of export
authentication cache entries, a particular export
authentication cache entry including identifiers
for a file system and an NFS client, and
an access status of the NFS client with respect
to a file system identified by the file system
identifier.

28. A server computer as recited in claim 25 further in- 
cluding a share table file including a list of file sys- 
tems available for sharing on the server computer 
and a corresponding plurality of client's access sta- 
tus. 55 

29. A computer network including a plurality of compu- 
ter systems, wherein a one of the plurality of com- 
puter systems is a server computer as recited in 
claim 25. 

30. A method implemented on a server computer sys- 
tem for providing dynamic client authentication in a 
distributed file system computing environment, the 
method comprising the computer controlled steps 
of: 

receiving an NFS request from an NFS client, 
the NFS request including a file handle repre- 
senting a given file system available on the 
server computer system and a file operation to 
be performed upon the given file system, the 
given file system modifiable by clients of the 
server computer having a corresponding ac- 
cess status of read-write with respect to the giv- 
en file system, readable by clients of the server 
computer having the corresponding access 
status of read only with respect to the given file 
system, and inaccessible to all other clients of 
the server computer; 

searching an export information table resident 
on the server computer system to determine 
whether the given file system has an entry 
therein, the export information table having an 
entry for the given file system, the entry includ- 
ing a read only bit which when set indicates glo- 
bal read only access to the given file system 
and a read-write bit which when set indicates 
global read and write access to the given file 
system, the read only bit and the read-write bit 
being exclusive; 

when the read only bit is set, setting the client's 
access status to read only; 

when the read-write bit is set, setting the client's 
access status to read-write; 

when neither the read only bit nor the read-write 
bit is set, performing the following substeps of: 

(a) searching a cache memory resident on 
the server computer system to find a spe- 
cific export authentication cache entry for 
the NFS client which corresponds to the 
given file system, the specific export au- 
thentication cache entry, when it exists, in- 
dicating the client's access status to the 
given file system to which the client's ac- 
cess status is then set; and 

(b) when the specific export authentication 
cache entry does not exist, creating the 
specific export authentication cache entry 
and then setting the client's access status 
to that indicated by the newly created spe- 
cific export authentication cache entry, the 
specific export authentication cache entry 
creation including: 

(i) searching a share table file resident 
on the server computer system to find 
a share entry for the given file system; 

(ii) setting the client's access status to 
no access when the share entry for the 
given file system is not found in the 
share table file; 

(iii) determining the client's access sta- 
tus from the share entry, for the given 
file system when the share entry is 
found in the share table file; and 

(iv) setting the client's access status 
according to the share entry for the giv- 
en file system when the share entry is 
found in the share table file; and 

performing the NFS request when either (i) the 
client's access status is read only and the file 
operation does not require a modification of the 
given file system or (ii) the client's access status 
is read-write. 
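
The decision order recited in claim 30 (global export bits first, then the per-client cache, then the share table on a cache miss), written out as an added example; it is not code from the patent or from any NFS implementation. All type and function names, the fixed-size tables, the constructed sample data, and the fail-closed handling of a missing or malformed export entry are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Access status values named in the claim. */
enum access { ACC_NONE, ACC_RO, ACC_RW };

/* Export information table: one entry per file system, carrying the two
 * mutually exclusive "global" bits. */
#define EXP_RO 0x1u
#define EXP_RW 0x2u
struct export_entry { int fsid; unsigned flags; };

/* Share table rows (hypothetical stand-in for the share table file). */
struct share_entry { int fsid; const char *client; enum access acc; };

/* Export authentication cache entry: (file system, client) -> status. */
struct cache_entry { int used; int fsid; char client[32]; enum access acc; };

/* Constructed sample data. */
static const struct export_entry exports[] = { {1, EXP_RO}, {2, EXP_RW}, {3, 0} };
static const struct share_entry shares[] = { {3, "alpha", ACC_RW}, {3, "beta", ACC_RO} };

#define CACHE_SLOTS 8
static struct cache_entry cache[CACHE_SLOTS];
static int share_lookups;               /* counts slow-path lookups */

int share_lookup_count(void) { return share_lookups; }

static const struct export_entry *find_export(int fsid)
{
    for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++)
        if (exports[i].fsid == fsid)
            return &exports[i];
    return NULL;
}

/* Substeps (b)(i)-(iv): consult the share table; unknown means no access. */
static enum access share_table_lookup(int fsid, const char *client)
{
    share_lookups++;
    for (size_t i = 0; i < sizeof shares / sizeof shares[0]; i++)
        if (shares[i].fsid == fsid && strcmp(shares[i].client, client) == 0)
            return shares[i].acc;
    return ACC_NONE;
}

/* Substeps (a) and (b): use the cached status, or create the entry. */
static enum access cached_access(int fsid, const char *client)
{
    struct cache_entry *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct cache_entry *c = &cache[i];
        if (!c->used) {
            if (slot == NULL)
                slot = c;
        } else if (c->fsid == fsid && strcmp(c->client, client) == 0) {
            return c->acc;
        }
    }
    enum access acc = share_table_lookup(fsid, client);
    /* Never cache a truncated name: two clients could then share a key. */
    if (slot != NULL && strlen(client) < sizeof slot->client) {
        slot->used = 1;
        slot->fsid = fsid;
        slot->acc = acc;
        strcpy(slot->client, client);
    }
    return acc;
}

/* Returns 1 if the request may be performed, 0 otherwise. */
int nfs_request_allowed(int fsid, const char *client, int modifies)
{
    const struct export_entry *e = find_export(fsid);
    enum access acc;

    if (e == NULL || client == NULL)
        return 0;                       /* assumption: no entry, no access */
    if ((e->flags & EXP_RO) && (e->flags & EXP_RW))
        return 0;                       /* assumption: both bits set is malformed */
    if (e->flags & EXP_RO)
        acc = ACC_RO;
    else if (e->flags & EXP_RW)
        acc = ACC_RW;
    else
        acc = cached_access(fsid, client);

    return acc == ACC_RW || (acc == ACC_RO && !modifies);
}

int main(void)
{
    printf("fs1 write by anyone: %d\n", nfs_request_allowed(1, "anyone", 1));
    printf("fs3 read by beta:    %d\n", nfs_request_allowed(3, "beta", 0));
    printf("fs3 write by beta:   %d\n", nfs_request_allowed(3, "beta", 1));
    return 0;
}
```

Claim 30 as quoted recites no invalidation step, and this sketch has none either, so a cached status (including a cached "no access") outlives any later change to the share table.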
CLAIMS 



[Claim(s)] 

[Claim 1] It has the terminal unit which stores the file which treats data collectively under the directory 
in which the location of a layered structure is shown, and carries out file management. Each of this 
terminal unit is connected to a network, and each terminal unit is used as a host terminal unit. Said host 
terminal unit It includes in index information by making information on rating for accessing the 
directory and file about a share among these host terminal units into access permission information. The 
global-area function manager block which manages these all index information is included in [ at least 
one ] said network. Said host terminal unit Management of a file including said directory shared 
between each host terminal unit, and the local file management to this each host terminal unit itself, And 
the distributed file-sharing system characterized by including the file-sharing function manager block 
which performs a setup and management of access permission information to the directory used for said 
file management. 

[Claim 2] It is the distributed file-sharing system characterized by managing said global-area function 
manager block in a system according to claim 1 including said access permission information on said all 
directories to said index information. 

[Claim 3] It is the distributed file-sharing system characterized by said global-area function manager 
block controlling the reference and updating of said index information in a system according to claim 1 
or 2. 

[Claim 4] It is the distributed file-sharing system characterized by including user management functional 
block which this system registers the access permission to said host terminal unit as User Information in 
a system according to claim 1, 2, or 3, and manages the propriety of an access permission based on 
authentication of this User Information in said host terminal unit. 

[Claim 5] It is the distributed file-sharing system characterized by holding the cache of said access 
permission information which holds the cache of the file about said share by which said host terminal 
unit is managed in a system given in claim 1 thru/or any 1 term of 4 for said index information on said 
global-area function manager block, and the parent directory of this file has. 

[Claim 6] It is the distributed file-sharing system characterized by for said file-sharing function manager 
block on said each host terminal unit notifying renewal of the access permission information carried out 
locally to said global-area function manager block in a system according to claim 5, and this global-area 
function manager block notifying renewal of this access permission information further to all other host 
terminal units that store this access permission information. 

[Claim 7] It is the distributed file-sharing system characterized by said access permission information 
being variable length in a system according to claim 1, 2, 5, or 6. 

[Claim 8] It is the distributed file-sharing system characterized by including either the read-out authority 
over the user name or group name into which said access permission information is registered in the 
system according to claim 7, write-in authority, said read-out authority and said write-in authority. 

[Claim 9] It is the distributed file-sharing system characterized by permitting the creation to said cache 
of the retrieval and this file to read-out of the file name which said read-out authority has directly under 
said directory in a system according to claim 8, or a directory name, and this file, and read-out of this 
file. 

[Claim 10] It is the distributed file-sharing system characterized by said write-in authority permitting a 
file or new registration of a directory, updating to this file or deletion, and deletion of said directory 
directly under said directory in a system according to claim 8. 

[Claim 11] It is the distributed file-sharing system characterized by including authorization of a file or 
new registration of a directory, updating to this file or deletion, and deletion of said directory the 
creation to said cache of the retrieval and this file to read-out of the file name which said read-out 
authority and said write-in authority have directly under said directory in a system according to claim 8, 
or a directory name, and this file and authorization of read-out of this file, and directly under said 
directory. 

[Claim 12] In the host terminal unit with which network connection of each of the host terminal unit 
which stores the file which treats data collectively under the directory in which the location of a layered 
structure is shown, and carries out file management was carried out The 1st process which outputs an 
access request to the object of said file management according to the actuation to the information on this 
directory and either of said files. According to this access request, authority of the user to said object 
who does access actuation is made into an access permission. When said user has the 2nd process which 
judges whether there is any access rating over said access request of this user using the access 
permission managed collectively, and said access permission which satisfies this access rating. When 
judged with the 3rd process which performs processing corresponding to said access request to said 
information, and a user without said access rating. The 4th process which outputs the response which 
avoids the processing corresponding to said access request. The 5th process which processes to this 
index information by making index information containing said access permission to each of said host 
terminal unit into an administration object. The file access control approach of the distributed file- 
sharing system characterized by including the 6th process which outputs the reply signal corresponding 
to processing of this index information to said operated host terminal unit. 

[Claim 13] It is the file access control approach of the distributed file-sharing system characterized by 
including either the read-out authority over the user name or group name into which said access 
permission is registered in the approach according to claim 12, write-in authority, said read-out authority 
and said write-in authority. 

[Claim 14] It is the file access control approach of the distributed file-sharing system characterized by 
permitting the creation to said cache of the retrieval and this file to read-out of the file name which said 
read-out authority has directly under said directory in an approach according to claim 13, or a directory 
name, and this file, and read-out of this file. 

[Claim 15] It is the file access control approach of the distributed file-sharing system characterized by 
said write-in authority permitting a file or new registration of a directory, updating to this file or 
deletion, and deletion of said directory directly under said directory in an approach according to claim 
13. 

[Claim 16] It is the file access control approach of the distributed file-sharing system characterized by to 
include authorization of a file or new registration of a directory, updating to this file or deletion, and 
deletion of said directory the creation to said cache of the retrieval and this file to read-out of the file 
name which said read-out authority and said write-in authority have directly under said directory in an 
approach according to claim 13, or a directory name, and this file and authorization of read-out of this 
file, and directly under said directory. 

[Claim 17] In an approach given in claim 12 thru/or any 1 term of 16 the 2nd process The 7th process 
which judges whether you are the system administrator to whom the user who this accessed manages 
said whole network when a user accesses from said host terminal unit. The 8th process to which 
propriety of actuation to said file is made into an access permission, and the access permission of these 
all files is permitted when this judgment is said system administrator. The 9th process which acquires 
the access permission to the group to whom this user belongs when said judgment is a different user 
from said system administrator. The 10th process which judges whether the parent directory information 
which expresses the origin for actuation with the host terminal unit to operate is held, The 11th process 
which acquires the parent directory information which corresponds out of the index information over a 
file including said directory when said parent directory information judges with an empty condition. The 
file access control approach of the distributed file-sharing system characterized by including the 12th 
process which checks the access permission which said parent directory information contains, and 
performs either authorization of said access permission, and prohibition according to the check result of 
this access permission. 

[Claim 18] The file access control approach of the distributed file-sharing system which progresses to 
the 12th process including the 13th process said user judges whether you are the owner of said directory 
between the 11th process and the 12th process to be at the time of the owner of said directory, and is 
characterized by forbidding said access permission at the times other than this, and ending in an 
approach according to claim 17. 

[Claim 19] It is the file access control approach of the distributed file-sharing system characterized by 
performing control which maintains the connection relation of the host terminal unit and one to one to 
which the 5th process sent out said access request during this processing period in the approach given in 
claim 12 thru/or any 1 term of 18. 



* NOTICES * 

Japan Patent Office is not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



DETAILED DESCRIPTION 

[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention is applied to the distributed file system which attains share- 
ization of the file with which two or more terminal units which distribute a distributed file-sharing 
system to a network about a distributed file-sharing system and its file access control approach, and are 
connected are equipped, and is virtually made into one file system, is suitable, treats this distributed file 
system as an imagination file system, is used for the access control to the directory and the file in this 
file system, and relates to the suitable file access control approach. 
[0002] 

[Description of the Prior Art] Usually, the access control list as an OS (Operating System) function is 
used for the control approach which accesses a file on one computer terminal equipment (henceforth a 
host terminal unit) used as a host. In the UNIX (trademark) system which is one of the OS's, for every 
file or directory, it classifies into an owner, an owner group, and other users, the access permission of 
read-out, writing, and activation is set as each to this classification, and the access control of a file is 
realized. When using a host terminal unit through a network from a remote terminal, the host terminal 
unit has judged the access permission to the file and directory which were mentioned above according to 
a user's account stored in the host terminal unit. 

[0003] In addition, in the viewpoint of an access control, when two or more host terminal units share a 
file server, the approach of carrying out a load distribution (unloading) accompanying this share is 
proposed. The shared file system in a distributed system given in JP,11-120063,A is attaining 
improvement in the speed of processing, as the count load of file management is lost and a transfer of 
file data does not go via a network. 

[0004] Shared file management equipment given in JP,9-305470,A supervises the condition of a shared 
file, and the condition of a file storing means, aims at arrangement of a shared file, or reexamination of 
multiplexing in the system management section based on a monitor result, performs the migration or 
multiplexing of a shared file according to reexamination in the file access control section, and is raising 
employment effectiveness. Moreover, a distributed file system given in JP,8-77054,A Two or more 
creation and deletion of a division file corresponding to a distributed file are made to perform to two or 
more server calculating machines on the calculating-machine cluster which carried out network 
connection of two or more calculating machines by the division file creation section and the division file 
cutout, respectively. In the distributed file management section, before performing reference/updating 
demand to a distributed file Reference/updating symmetry information over a division file is delivered to 
a client computer. By determining the whereabouts of the division file in which the index of the record 
used for assignment of reference/updating demand in reference/updating demand symmetry section is 
stored according to this information, even if a processing demand concentrates, a load distribution is 
carried out effectively. 

[0005] Furthermore, as for the file server system of a publication, two or more file servers are installed 
in JP,6-332782,A side by side through a network, and a file server is accessed at each file enclosure. In 
this system a file access demand allocation means The load profile initiation of each file server 
measured with the load information monitoring means is referred to. When file management which 
selects the file server which carries out a file access is performed and the selected file server publishes a 
file access demand through a communications control means to respond for whether being self server or 
other servers, and to correspond Choose the light file server of a load, and he makes it access at the time 
of file writing, and is trying for an access request not to concentrate on a specific file server especially. 
Four proposals mentioned above are proposals based on the viewpoint of an access control, and are 
completely different techniques from the approach of giving an access permission and controlling access 
of a file. 
[0006] 

[Problem(s) to be Solved by the Invention] By the way, two or more host terminal units are distributed 
and arranged in a network, and the distributed file-sharing system which regarded these like one file 
system virtually is examined. Generally, in such a distributed file system, it becomes a big problem how 
unitary management of the access permission in a system is performed. That is, in this distributed file 
system, one host terminal unit carries out motion control of the access permission management server. If 
the approach of imitating the file access of the UNIX system mentioned above at this time, and checking 
all the access permissions of file pass is applied, since both a directory and a file are checked to the 
judgment of the access permission of a file, a distributed file system may require time amount for 
retrieval too much, and may not be realistic. 

[0007] Since the access permission in an application level is judged to each directory and file of all file 
pass corresponding to retrieval conditions when the distributed file-sharing system which considered the 
share nature of a file performs a file search, it is presumed in a distributed file-sharing system that 
further much retrieval time starts. 

[0008] Moreover, since it considers virtually that the distributed file-sharing system was mentioned 
above with one file system, it becomes possible to carry out the cache of the duplicate of the file of a 
certain host terminal unit to other host terminal units. Unless a file is deleted, in order to check the 
access permission about this file, it becomes unnecessary to carry out the file of the host terminal unit 
which accessed once and was obtained by this cache function through a network. In spite of this 
situation, in case a host terminal unit judges the access permission of the file to build in, it will ask the 
server for access permission management through a network. This will make the semantics which 
carries out the cache of the file to a host terminal unit reduce. 

[0009] This invention cancels the fault of such a conventional technique, and it aims at offering the 
distributed file-sharing system which can attain shortening of the retrieval time in connection with an 
access permission, and the increase in efficiency of file manipulation, and its file access control 
approach. 
[0010] 

[Means for Solving the Problem] In order that this invention may solve an above-mentioned technical 
problem, it has the terminal unit which stores the file which treats data collectively under the directory in 
which the location of a layered structure is shown, and carries out file management. Each of this 
terminal unit is connected to a network, and each terminal unit is used as a host terminal unit. A host 
terminal unit It includes in index information by making information on rating for accessing the 
directory and file about a share among these host terminal units into access permission information. The 
global-area function manager block which manages all these index information is included in [ at least 
one ] a network. A host terminal unit Management of a file including the directory shared between each 
host terminal unit, and the local file management to each of this host terminal unit itself. And it is 
characterized by including the file-sharing function manager block which performs a setup and 
management of access permission information to the directory used for file management. 
[0011] The distributed file-sharing system of this invention performs management according to an 
access permission from index information using the index information about the file shared to a global- 
area function manager block, even if the host terminal unit which a user operates does not have the 
target directory information, can obtain an access permission from a global-area function manager block 
easily, without performing access to each host terminal unit, and performs local management with a file- 
sharing function manager block. 

[0012] Moreover, in order that this invention may solve an above-mentioned technical problem In the 
host terminal unit with which network connection of each of the host terminal unit which stores the file 
which treats data collectively under the directory in which the location of a layered structure is shown, 
and carries out file management was carried out The 1st process which outputs an access request to the 
object of file management according to the actuation to the information on this directory and either of 
the files, The 2nd process which judges whether there is any access rating over this user's access request 
using the access permission which makes an access permission authority of the user to an object who 
does access actuation, and is collectively managed according to this access request. When a user has the 
access permission which satisfies this access rating and it is judged with the 3rd process which performs 
processing corresponding to an access request to information, and a user without access rating. The 4th 
process which outputs the response which avoids the processing corresponding to an access request. The 
5th process which processes to this index information by making index information containing the 
access permission to each of a host terminal unit into an administration object. It is characterized by 
including the 6th process outputted to the host terminal unit which operated the reply signal 
corresponding to processing of this index information. 

[0013] In case the file access control approach of the distributed file-sharing system of this invention 
performs actuation to the information on a directory and either of the files, it can attain shortening of the 
duration of retrieval compared with the judgment by the file search in each application level by judging 
by the access permission which is having it set up whether access to the object to this actuation can be 
performed, and controlling. 
[0014] 

[Embodiment of the Invention] Next, with reference to an accompanying drawing, one example of the 
distributed file-sharing system by this invention is explained to a detail. 

[0015] This example is the case where the distributed file-sharing system of this invention is applied to 
the distributed file system 10 which is a virtual file system. Illustration and explanation are omitted 
about a part without the direct relation to this invention. By the following explanation, a signal is 
directed with the reference number of the appearing path cord. 

[0016] As shown in drawing 1 , two or more host terminal units 12 and 14, 16, 18, 20, and ... are 
connected to the distributed file system 10 in the network 100. The file-sharing index function manager 
section 120 and the index information file 1244 are included in the host terminal unit 12. The host 
terminal unit 14 is equipped with the User Information function manager section 140 and the User 
Information file 1444. Moreover, the file-sharing function manager section 160, 180 and a data file 
1644, and 1844 are arranged in the host terminal unit 16 and 18 the lot every, respectively. Also in the 
host terminal unit which expressed with the alternate long and short dash line to which the reference 
mark is not given, either of three kinds corresponds. 

[0017] Furthermore, a configuration is explained about each host terminal unit. The host terminal unit 
12, 14, 16, 18, and ... are equipped with main frame section 12a, 14a, 16a, 18a, ... and peripheral-device 
section 12b, 14b, 16b, 18b, and respectively. Main frame section 12a contains CPU (Central 
Processing Unit) 120a, memory 122, storage 124, and the network connection section 126, as the host 
terminal unit 12 is shown in drawing 2 . There is a mouse 132 in peripheral-device section 12b as a 
display 128, a keyboard 130, and a pointing device, and peripheral-device section 12b is connected to 
main frame section 12a through signal lines 134, 136, and 138. 

[0018] Storage 124 is hard disk drive equipment (it is called HDD below Hard Disk Drive unit:). 
Storage 124 was divided into program storage area 124P and data storage area 124D, and is memorized. 
The file-sharing index manager 1240 and the actuation interface processing program 1242 are stored in 
program storage area 124P. The file-sharing index manager 1240 manages the file and the index 
information file 1244 of all directories by which share assignment was carried out in the host terminal 
unit 12 linked to a network 100, 14, 16, 18, and ... There is an index information file 1244 in data 
storage area 124D, and the index information on all files or directories by which share assignment was 
carried out is included in it. 

[0019] The network connection section 126 is a connection interface with a network 100. The host 
terminal unit 12 is connected to a network 100 through the network connection section 126, and the 
distributed file system 10 is building one virtual file system as the whole including other host terminal 
units 14, 16, 18, and ... 

[0020] Main frame section 14a contains CPU 140a, memory 142, storage 144, and the network 
connection section 146, as the host terminal unit 14 is shown in drawing 3 . There are a display 148, a 
keyboard 150, and a mouse 152 in peripheral-device section 14b, and peripheral-device section 14b is 
connected to it through main frame section 14a and signal lines 154, 156, and 158. 
[0021] Storage 144 is HDD, and storage 144 was divided into program storage area 144P and data 
storage area 144D, and it has memorized it. The User Information manager 1440 and the actuation 
interface processing program 1442 are stored in program storage area 144P. The User Information 
manager 1440 manages the User Information file 1444 in the host terminal unit 12 linked to a network 
100, 14, 16, 18, and ... There is confidential information which specifies a user, such as user ID 
(IDentifier) and a password, in the User Information file 1444. The User Information file 1444 is stored 
in data storage area 144D. 

[0022] Grouping of the User Information function manager section 140 can be carried out based on the 
information which defines User Information in the User Information file 1444. Since definition 
information can be set up variously, a user can belong to two or more groups. The User Information 
function manager section 140 performs user authentication, when the user who operates it uses an 
actuation interface. The user ID and confidential information which were mentioned above use a 
keyboard at the time of a log in, and are inputted into a host terminal unit, and user authentication is 
performed by collating with User Information in the User Information file 142. 
[0023] User Information is user ID, confidential information, etc. more concretely. The User 
Information function manager section 140 permits actuation only to the congruous valid users as a result 
of this authentication. At this time, the actuation interface processing program of the corresponding host 
terminal unit is loaded to memory 122, and actuation is received as actuation interface processing 
facility section 142a. 

[0024] The network connection section 146 is a connection interface with a network 100. The user ID 
and confidential information from each host terminal unit 12, 16, 18, and ... are supplied through the 
network connection section 146 at the host terminal unit 12 without the User Information function 
manager section 140 and the User Information file 142, 16, 18, and and the propriety of an 
authentication result is returned. A user's access propriety is decided according to this returned result. 
[0025] In addition, the file-sharing function manager section later mentioned although not illustrated 
may be included in the host terminal unit 14. 

[0026] Moreover, main frame section 16a contains CPU 160a, memory 162, storage 164, and the 
network connection section 166, as the host terminal unit 16 is shown in drawing 4 . There are a display 
168, a keyboard 170, and a mouse 172 in peripheral-device section 16b, and peripheral-device section 
16b is connected to it through main frame section 16a and signal lines 174, 176, and 178. 
[0027] By HDD, storage 164 was divided into program storage area 164P and data storage area 164D, 
and has memorized storage 164. The file-sharing manager 1640 and the actuation interface processing 
program 1642 are stored in program storage area 164P. The file-sharing manager 1640 is managed 
according to the data file 1644 by which share assignment was separately carried out in the host terminal 
unit 16 linked to a network 100, 18, and and the processing to 1844. Directory information and file 
information are stored in the data file 1644 of data storage area 164D. 

[0028] The file-sharing function manager section 160 can aim at cooperation with other host terminal 
units 12, 14, 18, the file-sharing index function manager section 120 of the User Information function 
manager section 140 and the file-sharing function manager section 180, and ... while realizing a file and 
the actuation function of a directory locally. A file and the actuation function of a directory are an add 
function, a retrieval function, an acquisition function, a read-out function, an updating function, and the 
Delete function, as the latter part explains. 
[0029] In a distributed file system 10, the host terminal unit 16, the same host terminal unit 18 of a 
configuration, and ... distribute, and it is arranged at it. The host terminal unit 18 has the file-sharing 
function manager section 180. 

[0030] Next, the information on data storage area 164D treated by the distributed file system 10, and 
184D and 124D is explained. The host terminal unit 16 contains a data file 1644 in data storage area 
164D. A data file 1644 contains directory information P and file 164A (= "/P/A") to a directory "/P", as 
shown in drawing 5 (a). Here, file 164A holds file information A and file 164a as one file. A directory 
"/P" and file 164A are operated through actuation interface processing facility section 162a, and are 
created and registered by the function of the file-sharing function manager section 160. 
[0031] However, file 164a is not necessarily the file of the file path "/P/A" in OS used with the host 
terminal unit 16. When the file which is under management of the file-sharing function manager section 
160 from actuation interface processing facility section 162a is displayed, the tree structure of file 164A 
is shown to a directory "/P" like the local view of drawing 5 (b). 

[0032] Similarly, the host terminal unit 18 containing the file-sharing function manager section 180 has 
directory information Q and R in the data storage area of drawing 6 (a), file information B and file 184b, 
and file 184C are file information C and file 184c, and file 184B associates it, respectively. More 
specifically, the file is managed in the relation of a directory "/Q", "/Q/R" and a file "/Q/184B", and 
"/Q/R/184C." The directory and file which were mentioned above are operated through actuation 
interface processing facility section 182a, respectively, and are created and registered by the function of 
the file-sharing function manager section 180. It is not necessarily the file of the file path "/Q/184B" in 
OS which uses file 184b and 184c with the host terminal unit 18 also in this case, and "/Q/R/184C". 
When the file which is under management of the file-sharing function manager section 180 from 
actuation interface processing facility section 182a is displayed, the tree structure of file 184C is shown 
to file 184B and a directory "/Q/R" like the local view of drawing 6 (b) to a directory "/Q." 
[0033] Moreover, the host terminal unit 12 carries out unitary management of directory information [ of 
a distributed file system 10 ] P, Q, R and file information A, B, and all C in the file-sharing index 
function manager section 120, as shown in drawing 7 (a). It is stored in index information, the call, and 
the index information file 1244 to these [ all ]. If the index information file 1244 is indicated by the 
global view by management of the file-sharing index function manager section 120, the index 
information file 1244 containing directory information and file information is "/directory P"-file 
information A, as shown in drawing 7 (b), "/directory Q"-file information B, And it is expressed with the 
imagination tree structure of directory "/Q/R"-file information C. 

[0034] Next, the directory information and file information which were mentioned above are explained. 
Directory information has a key 40, a directory name 42, the directory refix date 44, the owner 46, the 
cancellation day 48, the open day 50, and the access permission 52, as shown in drawing 8 . A key 40 is 
a value showing a directory. A directory name 42 shows the virtual directory path name in a distributed 
file system 10. The directory refix date 44 is the information on a day that this directory was updated at 
the end. An owner 46 expresses an owner name by making the implementer of a directory into an owner. 
Directory information can update only system administrator admin with this owner. 
[0035] Moreover, there are a cancellation day 48 and a open day 50 as a day which specifies the outside 
for retrieval. The cancellation day 48 is an expiration date end date the target [ retrieval ] as which 
outside for retrieval is set when it passes over this day, and the open day 50 is an expiration date opening 
day for [ which makes the day before this the outside for retrieval ] retrieval. An access permission 52 
contains an access control list. 

[0036] An access control list makes a user name or a group name, and an access permission correspond 
to drawing 9 so that it may be shown. A user name and a group name are names registered into the User 
Information file 1444 by the User Information Management Department function part 140. There are 
read-out (henceforth r) authority, write-in (henceforth w) authority, and read-out write-in authority 
(henceforth rw) authority in an access permission, and any one authority makes it correspond to a user 
name or a group name among these three. The access control list is made into variable length. The latter 
part explains an access permission further. 
[0037] File information includes a key 60, a file name 62, the file updating day 64, the owner 66, the 
cancellation day 68, the open day 70, and the condition 72 of a file, as shown in drawing 10. Since the 
item of the same name as directory information is the same definition in file information, explanation is 
omitted. Here, a file name 62 is a virtual-file pathname, and an owner 66 is a registrant of a file. 
Moreover, the file is the identifier which distinguishes original or a cache, i.e., the reproduced thing, in 
the condition 72 of a file. 

[0038] Here, the file-sharing management at the time of gaining, when the host terminal unit 16 carries 
out the cache of the file 184B from the host terminal unit 18 (duplicate) is shown in drawing 11. With 
this acquisition, as shown in drawing 11 (a), directory information Q and file 184B are added to data 
storage area 164D of the host terminal unit 16. File 184B contains file information B and file 184b. The 
slash is given to the information by which the cache was carried out. Therefore, when a user makes the 
file display under management of the file-sharing function manager section 160 perform from actuation 
interface function part 162a, file 184B is visible to a directory "/P" by file 164A and the directory "/Q" 
with a local view. 

[0039] However, file 184B also shows that it is a cache (duplicate) as shown by the slash. 
[0040] Next, the access permission in directory information is explained. For example, r authority in 
Directory P is the authority over the directory P from the file-sharing function manager section of the 
host terminal unit of arbitration, and is the read-out authority of the directory name of a directory P 
directly under the authority of retrieval / acquisition / read-out processing of as opposed to [ as opposed 
to / to the 1st / the read-out authority of the file name of a directory P directly under ] the file of a 
directory P directly under to the 2nd, and the 3rd. Meaning that the acquisition processing mentioned 
above creates the cache of the read file, read-out processing means mere read-out. 
[0041] Moreover, w authority in Directory P is the authority over the directory P from the file-sharing 
function manager section of the host terminal unit of arbitration, and is updating/deletion authority of 
the file of a directory P directly under the creation authority of a directory new directly under directory P 
to the 1st, and the 2nd in the registration authority of a file new directly under directory P to the deletion 
authority of the directory of a directory P directly under, and the 3rd, and the 4th. However, renewal of a 
cache file cannot be performed. 

[0042] In the distributed file system 10, the system administrator account admin exists and Account 
admin has rw authority to all directories. Moreover, the owner of a directory has rw authority to the 
directory to own. 

[0043] Next, the judgment procedure of an access permission is explained. A user has got the propriety 
of access actuation in response to the judgment of an access permission, before performing directory 
actuation and file manipulation. As shown in drawing 12, an actuation user judges that he is a system 
administrator (step S10). User ID actually judges this judgment by whether it is the system administrator 
account admin. When user ID is in agreement with the system administrator account admin (YES), 
access of all directories and files is permitted to an actuation user (step S12). The access permission at 
this time is rw authority. It shifts to termination after this judgment. 

[0044] Moreover, when an actuation user is not the system administrator account admin, all the groups 
to whom an actuation user belongs in (NO) and a distributed file system 10 are acquired (step S14). 
When this group information logs in to the host terminal unit to be used, it can operate the User 
Information function manager section 140 of the host terminal unit 14, and it can be acquired from the 
User Information file 1444. 

[0045] Next, it judges whether the directory and the parent directory information on a file which are 
made applicable to actuation are on the host terminal unit currently operated (step S16). When parent 
directory information is not held, the host terminal unit under (NO) and actuation acquires parent 
directory information from the index information file 1244 through the file-sharing index function 
manager section 120 of the host terminal unit 12 (step S18). 

[0046] Moreover, after acquiring the case where parent directory information is held, and parent 
directory information, an access permission is checked with reference to the access control list contained 
in parent directory information (step S20). 
[0047] Next, it judges whether the entry which shows at least one authorization exists in the access 
permission obtained by the check (step S22). When an authorization entry exists (YES), it enables it for 
the host terminal unit under actuation to perform processing according to authorization (authorization: 
step S24). Moreover, when an authorization entry does not exist, access to (NO), a directory, and a file 
is forbidden (step S26). It shifts to termination through these processings. 

[0048] The judgment of an access permission has not only the procedure mentioned above but the 
judgment processing performed when updating the drawing 13 directory information. To the process in 
which the same processing as the verification procedure of the access permission of drawing 12 is 
performed, the reference mark attached with the flow chart of drawing 12 is given, and explanation is 
sharply omitted in it. By the judgment (step S10) of being a system administrator, when an actuation 
user is a system administrator, all are permitted and user authentication is ended. When judged with 
actuation users other than this not being system administrators, it judges whether the parent directory 
information (NO) and for actuation is held (step S16). When this parent directory is not held, (NO) file- 
sharing index function manager section 120 is operated, and it acquires from the index information file 
1244. 

[0049] Next, with reference to the directory information currently held or the acquired directory 
information, an actuation user checks that he is the owner of a directory (step S28). When the owner of 
directory information is compared with an actuation user's user ID and it is in agreement (YES), renewal 
of informational is permitted (step S24). Moreover, when this comparison is an inequality, renewal of 
(NO) and information is forbidden, and it is made disapproval (step S26). Thus, in renewal of 
information, user authentication is performed, and the existence of updating rating is judged and it ends. 
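The judgment procedures of drawing 12 (steps S10 to S26) and drawing 13 (step S28) can be sketched as follows. This is an added example, not code from the reference itself; the class names, user names and ACL contents are constructed, and two points are assumptions about how the steps combine: the owner's rw right from [0042] is applied inside the drawing 12 check, and the rights of all matching ACL entries are merged.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

ADMIN = "admin"  # system administrator account named in [0042]


@dataclass
class DirectoryInfo:
    name: str                      # virtual directory path name, e.g. "/Q"
    owner: str                     # creator of the directory
    acl: Dict[str, str] = field(default_factory=dict)  # user/group -> "r", "w" or "rw"


class IndexManager:
    """Stand-in for the file-sharing index function manager section 120."""

    def __init__(self, directories: Iterable[DirectoryInfo]):
        self._dirs = {d.name: d for d in directories}
        self.lookups = 0           # how often a host had to ask the index

    def get(self, path: str) -> Optional[DirectoryInfo]:
        self.lookups += 1
        return self._dirs.get(path)


class FileSharingManager:
    """Stand-in for a file-sharing function manager section such as 160."""

    def __init__(self, local_dirs, index, user_groups):
        self.local = {d.name: d for d in local_dirs}
        self.index = index
        self.user_groups = user_groups   # user -> set of group names (file 1444)

    def _directory_info(self, path: str) -> Optional[DirectoryInfo]:
        info = self.local.get(path)      # S16: held on this host?
        if info is None:
            info = self.index.get(path)  # S18: acquire from the index file
        return info

    def granted(self, user: str, parent_path: str) -> Set[str]:
        if user == ADMIN:                                # S10 -> S12
            return {"r", "w"}
        principals = {user} | self.user_groups.get(user, set())   # S14
        info = self._directory_info(parent_path)         # S16 / S18
        if info is None:
            return set()   # assumption: an unknown directory grants nothing
        rights: Set[str] = set()
        if info.owner == user:                           # [0042], assumed to apply here
            rights |= {"r", "w"}
        for principal, perm in info.acl.items():         # S20
            if principal in principals:
                rights |= set(perm)
        return rights

    def may(self, user: str, parent_path: str, needed: str) -> bool:
        # S22: an authorizing entry exists -> S24 permit, otherwise S26 forbid
        return needed in self.granted(user, parent_path)

    def may_update_directory_info(self, user: str, path: str) -> bool:
        # drawing 13: S10, S16/S18, then the owner comparison of S28
        if user == ADMIN:
            return True
        info = self._directory_info(path)
        return info is not None and info.owner == user


def build_sample():
    """Constructed data: host 16 holds /P locally; /Q is known only to the index."""
    p = DirectoryInfo("/P", owner="alice", acl={"staff": "r"})
    q = DirectoryInfo("/Q", owner="carol", acl={"bob": "rw"})
    index = IndexManager([p, q])
    groups = {"bob": {"staff"}, "dave": set()}
    return FileSharingManager([p], index, groups), index


if __name__ == "__main__":
    host16, index = build_sample()
    for user, path, right in [("admin", "/Q", "w"), ("bob", "/P", "r"),
                              ("bob", "/P", "w"), ("bob", "/Q", "w"),
                              ("dave", "/P", "r")]:
        print(user, path, right, host16.may(user, path, right))
    print("bob may update /Q info:", host16.may_update_directory_info("bob", "/Q"))
    print("index lookups:", index.lookups)
```

Because step S16 prefers the locally held copy of the directory information, the decision is only as current as the last notice of an event that the host has processed.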
[0050] The sequence of the directory actuation in a distributed file system 10 and file manipulation is 
explained performing a judgment and user authentication of such an access permission. A directory and 
the sequence about a file are as being fundamentally shown in drawing 14. This fundamental sequence is 
creation of a directory, the renewal of directory information, and deletion of a directory. 
[0051] In the sequence of drawing 14, the expedient top of explanation and the host terminal unit 16 are 
used. The operator guidance signal 200 over a directory is supplied to actuation interface processing 
facility section 162a by the key stroke at time of day T10. Actuation interface processing facility section 
162a sends out the directions demand signal 202 to the file-sharing function manager section 160 at time 
of day T12. 

[0052] In the file-sharing function manager section 160, judgment processing of the access permission 
to a directory is started at time of day T14. At time of day T16, the file-sharing function manager section 
160 sends out the information acquisition demand signal 204 of parent directory information to the file- 
sharing index function manager section 120 of the host terminal unit 12, when there is no directory 
information. The file-sharing index function manager section 120 starts retrieval of the parent directory 
information demanded based on the index information file 1244 which is carrying out unitary 
management at time of day T18. The file-sharing index function manager section 120 sends out the 
parent directory information acquired by retrieval to the file-sharing function manager section 160 as an 
acquisition information signal 206 at time of day T20. 

[0053] The file-sharing function manager section 160 checks an access permission based on the parent 
directory information supplied at time of day T22. When it judges with the file-sharing function 
manager section 160 not having the access permission obtained according to a check, the reply signal 
208 which shows that there is no authority at time of day T24 is sent out to actuation interface 
processing facility section 162a. Furthermore, actuation interface processing facility section 162a 
outputs the reply signal 210 which shows that there is no authority to the display 168 which a user uses. 
Thereby, a user gets to know that there is no access permission. 

[0054] Moreover, when parent directory information exists in the data file 1644 under management in 
the file-sharing function manager section 160 in judgment processing of an access permission, an access 
permission is immediately checked at time of day T16. When it is judged that there is no access 
permission, it progresses to the response processing which performs subsequent processings at time of 
day T24, and the time of day T24 mentioned above and response processing of T26 are performed 
further. 

[0055] On the other hand, when there is an access permission as a result of the check judging of an 
access permission, it progresses to demand processing at time of day T28 from the phase of time of day 
T16 or time of day T22. At this time, the file-sharing function manager section 160 performs each 
processing according to a directions demand, and notifies it to the file-sharing index function manager 
section 120 by making into the notice signal 212 of information directory information processed at time 
of day T28. A distributed file system 10 has a possibility that mismatching may occur, even if an 
actuation demand is given from two or more host terminal units to coincidence by the file-sharing index 
function manager section 120 through a network 100. 

[0056] In order to prevent generating of this mismatching, the host terminal unit 120 performs 
connection control of one to one which communicates only with one host terminal unit. If it sees in 
another viewpoint, exclusive control is performed so that the file-sharing index function manager section 
120 cannot communicate except the host terminal unit under connection. The processing to an 
administration object is completed from time of day T30, and this exclusive control is continued till the 
time of day T32 when the file-sharing index function manager section 120 sends out a reply signal 214 
to the file-sharing function manager section 160. 

[0057] The file-sharing function manager section 160 outputs the reply signal 216 which shows that 
demand processing was completed at time of day T34 to actuation interface processing facility section 
162a. Furthermore, actuation interface processing facility section 162a sends out a reply signal 218 to a 
display 168 at time of day T36. Thereby, an actuation user gets to know that desired processing was 
completed. 

[0058] A more concrete example is given and it explains briefly. In directory creation, in a distributed 
file system 10, the host terminal unit 16 operates directory creation through actuation interface 
processing facility section 162a from the host terminal unit 16 (time of day T12). The file-sharing 
function manager section 160 starts judgment processing of whether an actuation user has w authority 
among access permissions (time of day T14). 

[0059] When w authority is checked, the file-sharing function manager section 160 will create directory 
information by time of day T28 based on the input data supplied through actuation interface processing 
facility section 162a from the keyboard 170. The file-sharing function manager section 160 notifies the 
directory information created at time of day T28 to the file-sharing index function manager section 120. 
Between time of day T30-T32, performing exclusive control mentioned above, the file-sharing index 
function manager section 120 is added to the index information file 1244 by making notified directory 
information into an administration object, and updates index information. 

[0060] When there was no w authority and it is checked at time of day T16 or time of day T22, the file- 
sharing function manager section 160 progresses to processing of time of day T24, and performs future 
response processings. 

[0061] When updating directory information, the host terminal unit 16 performs directory information 
update operation through actuation interface processing facility section 162a. In response to this 
actuation, the file-sharing function manager section 160 performs access judging processing of user 
authentication according to whether directory information is owned at either time of day T16 and the 
time of day T22. When [ which an actuation user calls the owner or system administrator of a directory ] 
judged, access to which the host terminal unit 16 updates directory information is permitted. 
[0062] The file-sharing function manager section 160 creates the directory information updated based on 
the input data supplied through actuation interface processing facility section 162a by time of day T28 
from the keyboard 170. The file-sharing function manager section 160 notifies the directory information 
created at time of day T28 to the file-sharing index function manager section 120. Between time of day 
T30-T32, performing exclusive control mentioned above, the file-sharing index function manager 
section 120 is added to the index information file 1244 by making notified directory information into an 
administration object, and updates index information. 

[0063] By the way, since the file-sharing index function manager section 120 knows whether the 
directory updated to which host terminal unit exists, it notifies the updated directory information. This 
notice is called notice of an event. The notice of an event is not limited to updating and performed also 
in the directory deletion, file updating, and file deletion which are mentioned later. From the procedure 
shown below being the same also in directory deletion, file updating, and file deletion, the explanation 
in the latter part is simplified about three above-mentioned processings, and it explains paying attention 
to a different point. 

[0064] Suppose that the host terminal unit 18 and 20 have a directory applicable to this notice of an 
event. In this case, as shown in drawing 15, the file-sharing index function manager section 120 notifies 
time of day T40 and the directory information updated by T44 as the notice signal 220 of an event, and 
222 to the host terminal unit 18 and 20, respectively. The file-sharing function manager section 180 will 
update the directory information in a data file 1844 by time of day T48 in response to the notice of an 
event at time of day T42. Moreover, file-sharing function manager section 20a will update data file (not 
shown) directory information by time of day T50 in response to the notice of an event at time of day 
T46. 

[0065] The file-sharing function manager section 180 notifies the directory information updated in the 
file-sharing index function manager section 120 to time of day T48 as a notice signal 224 of updating. 
Similarly, file-sharing function manager section 20a notifies the directory information updated at time of 
day T50 as a notice signal 226 of updating. During time of day T52-T54 is controlled exclusively, and 
the file-sharing index function manager section 120 updates the host terminal unit 18 and the index 
information on the index information file 1244 of 20 the supplied notice signal 224 of updating, and 
based on 226. The file-sharing index function manager section 120 outputs a reply signal 228 and 230 to 
the host terminal unit 18 and 20 in time of day T54 and T56, respectively. Thus, renewal of the directory 
information corresponding to the notice of an event is performed by the processing by time of day T40- 
T56. 

[0066] Although a series of notices of an event mentioned above, an update process, renewal of index 
information, and a response are performed in consideration of sequence to the host terminal unit 18 and 
20 here, if a series of procedures to each host terminal unit are observed, even if the sequence of a host 
terminal unit is in random order, it is good. 

[0067] When deleting directory information, the host terminal unit 16 performs deletion actuation of a 
directory through actuation interface processing facility section 162a (time of day T12). The file-sharing 
function manager section 160 starts judgment processing of whether an actuation user has w authority 
among access permissions (time of day T14). When w authority is checked, the file-sharing function 
manager section 160 will delete the directory information over the directory of the location pointed out 
on the display 168 through the input data or the mouse 172 supplied through actuation interface 
processing facility section 162a from the keyboard 170 by time of day T28. 

[0068] The file-sharing function manager section 160 notifies the directory information deleted at time 
of day T28 to the file-sharing index function manager section 120. The file-sharing index function 
manager section 120 is deleted from the index information file 1244 by making notified directory 
information into an administration object between time of day T30-T32, performing exclusive control 
mentioned above. The file-sharing index function manager section 120 also performs the notice of an 
event of directory deletion. 

[0069] It is carried out by the sequence which also showed the sequence about a file fundamentally to 
drawing 14. The file-sharing function manager section 160 performs registration of a file, retrieval and 
acquisition (read-out), updating, and deletion as processing. When registering a file, register operation of 
a file is performed through actuation interface processing facility section 162a. In the file-sharing 
function manager section 160, judgment processing of the actuation user to w authority is performed 
among access permissions. When there is no access permission, the file-sharing function manager 
section 160 outputs the reply signal 208 which shows that there is no authority at time of day T24 to 
actuation interface processing facility section 162a. Moreover, when it judges with there being w 
authority, the file-sharing function manager section 160 registers a file into a data file 1644. Under the 
present circumstances, the file-sharing function manager section 160 makes an administration object the 
file which creates and registers file information. The file-sharing function manager section 160 is 
notified to the file-sharing index function manager section 120 by making into the notice signal 212 of 
information file information created at time of day T28. 

[0070] The file-sharing index function manager section 120 controls exclusively, is added to the index 
information file 1244 by making supplied file information into an administration object, and updates 
index information. The file-sharing index function manager section 120 outputs a reply signal 214 to the 
file-sharing function manager section 160 at time of day T32 after this updating. 
[0071] When updating a file, update operation of a file is performed through actuation interface 
processing facility section 162a. In the file-sharing function manager section 160, judgment processing 
of the actuation user to w authority is performed among access permissions. When there is no access 
permission, the file-sharing function manager section 160 outputs the reply signal 208 which shows that 
there is no authority at time of day T24 to actuation interface processing facility section 162a. 
[0072] Moreover, when it judges with there being w authority, the file-sharing function manager section 
160 updates a file to a data file 1644. Under the present circumstances, the file-sharing function manager 
section 160 creates the file information according to updating, and makes an administration object the 
file which registers. Here, the file which can update the file-sharing function manager section 160 is 
only an original file. The cache file created by the duplicate in the file-sharing function manager section 
160 cannot be updated. Renewal of a cache file is performed by outputting an acquisition demand to the 
target host terminal unit in response to the notice of an event from the file-sharing index function 
manager section 120 so that it may mention later. 

[0073] The file-sharing function manager section 160 is notified to the file-sharing index function 
manager section 120 by making into the notice signal 212 of information file information created at time 
of day T28. The file-sharing index function manager section 120 controls exclusively, and updates the 
index information on the index information file 1244 by making supplied file information into an 
administration object. The file-sharing index function manager section 120 outputs a reply signal 214 to 
the file-sharing function manager section 160 at time of day T32 after this updating. 
[0074] By the way, the file-sharing index function manager section 120 is carrying out unitary 
management of in which host terminal unit the updated cache file is included. Thereby, the file-sharing 
index function manager section 120 gives an event notice to the host terminal unit 18 for updating, and 
20 by the sequence mentioned above. 

[0075] In addition, in this notice processing of an event, the sequence which is not included in the 
sequence of drawing 15 is performed. In this sequence, the file-sharing function manager section 180 
and 20a output the acquisition demand of an update file to the file-sharing function manager section 160. 
The file-sharing function manager section 160 outputs the file information and the update file which 
were updated according to the acquisition demand supplied to the file-sharing function manager section 
180 and 20a. The file-sharing function manager section 180 and 20a update a cache file according to the 
file information and the update file which are supplied and which were updated. The file-sharing 
function manager section 180 and 20a notify the notice signal 224 of updating, and the file information 
updated as 226 to the file-sharing index function manager section 120, respectively. The file-sharing 
index function manager section 120 controls exclusively, and updates the index information on the index 
information file 1244 by the file-sharing function manager section 180 and the file information supplied 
from 20a. The file-sharing index function manager section 120 outputs a reply signal 228 and 230 in 
time of day T54 and T56 after this updating, respectively. 

[0076] Next, when deleting a file, deletion actuation of a file is performed through actuation interface 
processing facility section 162a. In the file-sharing function manager section 160, judgment processing 
of the actuation user to w authority is performed among access permissions. When there is no access 
permission, the file-sharing function manager section 160 outputs the reply signal 208 which shows that 
there is no authority at time of day T24 to actuation interface processing facility section 162a. Moreover, 
when it judges with there being w authority, the file-sharing function manager section 160 deletes a file 
to a data file 1644. The file management function part 160 is notified to the file-sharing index function 
manager section 120 by making eliminated file information into the notice signal 212 of information. 
Deletion of the cache file in the host terminal unit 16 is to this notice phase. 
[0077] When deleting the original file in the host terminal unit 16, further, the file-sharing index 
function manager section 120 controls exclusively, and deletes the file information supplied from the 
file-sharing function manager section 160 from the index information file 1244. Since the file-sharing 
index function manager section 120 carried out unitary management and knows the host terminal unit 
with which the cache file reproduced about the eliminated file exists, it gives an event notice like 
updating mentioned above, and deletes the eliminated file information of a file and the eliminated file in 
the file-sharing function manager section 180 and 20a. The file-sharing index function manager section 
120 deletes the host terminal unit 18 and the file information of 20 from the index information file 1244 
in response to the notice of the file-sharing function manager section 180 and the file information 
deleted from 20a. 

[0078] It explains referring to drawing 16 about the case where retrieval of a file and acquisition (read- 
out) are performed, finally. The host terminal unit 16 inputs the operator guidance signal 200 which 
directs a file search to actuation interface processing facility section 162a (time of day T10). Actuation 
interface processing facility section 162a outputs the directions demand signal 202 to the file-sharing 
function manager section 160 as a file search demand (time of day T12). The file-sharing function 
manager section 160 starts judgment processing of whether an actuation user has r authority among 
access permissions (time of day T14). Here, the file-sharing function manager section 160 investigates 
the existence of directory information to an actuation user. 

[0079] When there is no directory information of an actuation user in the file-sharing function manager 
section 160, the file-sharing function manager section 160 outputs the information acquisition demand 
signal 204 to the file-sharing index function manager section 120 (time of day T16). The access 
permission list of actuation users is searched with the file-sharing index information management 
function part 120 from the index information file 1244 after time of day T18. The file-sharing index 
function manager section 120 acquires the corresponding directory information which included the 
access permission list between time of day T18-T20 from the index information file 1244. The acquired 
directory information is supplied to the file-sharing function manager section 160 as an acquisition 
information signal 206 from the file-sharing index function manager section 120 (time of day T22). 
[0080] Moreover, when the file-sharing function manager section 160 has an actuation user's directory 
information, as for the file-sharing function manager section 160, an access permission performs 
judgment processing of being r authority at time of day T16. Therefore, the file-sharing function 
manager section 160 performs judgment processing of whether there is any r authority among access 
permissions from the directory information supplied at either time of day T16 and the time of day T22. 
When it judges with there being no r authority, the file-sharing function manager section 160 outputs the 
reply signal 208 which shows that there is no authority at time of day T24 to actuation interface 
processing facility section 162a. Actuation interface processing facility section 162a outputs a reply 
signal 210 to a display 168 at time of day T26 in response to a reply signal 208. 

[0081] When r authority is confirmed, the file-sharing function manager section 160 notifies the
file-sharing index function manager section 120, by time of day T28, of the retrieval data supplied from
the keyboard 170 through actuation interface processing facility section 162a, as the notice signal 212
of information. The file-sharing index function manager section 120 searches the file information
managed by the index information file 1244 for the notified retrieval data between time of day T30-T32,
performing the exclusive control mentioned above. By collating the file information that is in agreement
with the retrieval data, the file-sharing index function manager section 120 finds that the requested
file exists in the host terminal unit 18.

[0082] The file-sharing index function manager section 120 outputs the retrieval result to the
file-sharing function manager section 160 as a reply signal 212 at time of day T32. The file-sharing
function manager section 160 outputs a reply signal 216 to actuation interface processing facility
section 162a at time of day T34, and actuation interface processing facility section 162a outputs a reply
signal 218 at time of day T36. The host terminal unit 16 can obtain a file search result more quickly than
before, and can display it on a display 168, in this virtually constructed distributed system.

[0083] The case where file acquisition is carried out following file search processing is explained. In
this case, the host terminal unit 16 inputs directions of file acquisition through actuation interface
processing facility section 162a at time of day T60. Actuation interface processing facility section 162a
outputs a file acquisition demand to the file-sharing function manager section 160 at time of day T62.
The file-sharing function manager section 160 which received this demand at time of day T64 outputs
the information acquisition demand signal 204 as a file acquisition demand to the host terminal unit 18
obtained by the above-mentioned file search.

[0084] Here, before carrying out the file acquisition demand, the file-sharing function manager section
160 investigates, against its local view, whether the file path shown by the file search result includes
a directory that is not present in the data file 1644. When the file search result includes a directory
that was not in the local view, the file-sharing function manager section 160 also requests the directory
information corresponding to this directory from the file-sharing function manager section 180.

[0085] In accordance with the demand received at time of day T68, the file-sharing function manager
section 180 outputs the corresponding file information and file to the file-sharing function manager
section 160 as the acquisition information signal 206 at time of day T70. When the above-mentioned
acquisition demand for directory information from the file-sharing function manager section 160 is made
together with it, the file-sharing function manager section 180 also includes the directory information
in the acquisition information signal 206 and sends it out.

[0086] The file-sharing function manager section 160 caches the supplied information (time of day T72).
The file-sharing function manager section 160 then notifies the file-sharing index function manager
section 120 of the acquired information as the notice signal 212 of information at time of day T74. When
directory information is also acquired, it goes without saying that the directory information is also
included in the above-mentioned information. The file-sharing index function manager section 120 updates
the index information file 1244 with the information newly acquired by the host terminal unit 16 as index
information between time of day T76-T78, under exclusive control. The file-sharing index function
manager section 120, the file management function part 160, and actuation interface processing facility
section 162a output the reply signals 214, 216, and 218, which show the completion of updating, at time
of day T78, T80, and T82, respectively.

[0087] In processing of a file search and file acquisition, since processing is performed continuously,
judgment processing of an access permission is performed only once. When processing is not continued
and each operation is performed separately, this judgment processing is performed once for each
actuation. Moreover, it goes without saying that access judging processing, access-control processing,
and exclusive control processing are performed as mentioned above in the distributed file system 10
also in a mere file read-out actuation.

[0088] Thus, by treating the files virtually as a distributed file in each case and performing
centralized control processing based on index information, the duration which processing takes can be
sharply shortened compared with the case where an access permission is simply judged at each
application level and creation, updating, deletion, retrieval, and acquisition are performed.

[0089] With the constitution mentioned above, the distributed file system 10 performs management
according to an access permission from index information, using the index information about the shared
files in the file-sharing index function manager section 120. Even if the host terminal unit which a user
operates among the host terminal units 16, 18, ... does not have the target directory information, an
access permission can be obtained from the file-sharing index function manager section 120 without
accessing each host terminal unit. Because local management is performed by the file-sharing function
manager sections 160, 180, ... of the host terminal units 16, 18, ..., the access to the host terminal
units 16, 18, ... needed to complete processing can be kept to a minimum, so processing can be finished
in a shorter time than before. Therefore, the distributed file system 10 can offer a user-friendly
system.

[0090] Moreover, by having the file-sharing index function manager section 120 carry out unitary
management, holding the directory information which each host terminal unit has and using this directory
information for judgment processing of an access permission, access to the file-sharing index function
manager section 120 can be eliminated in judgment processing of the access permission to a cached file,
the cache file which each host terminal unit has can be used effectively, and the processing of a
distributed file can be performed efficiently.

[0091] In particular, when an access permission is changed, the access permission is renewed on all the
host terminal units that are caching the changed directory, so the consistency of the access permission
in the system can be maintained.
[0092] 

[Effect of the Invention] Thus, according to the distributed file-sharing system and its file access
control approach of this invention, management according to an access permission is performed from index
information, using the index information about the shared files in a global-area function manager block.
Even if the host terminal unit which a user operates does not have the target directory information, an
access permission can be obtained from the global-area function manager block without performing access
to each host terminal unit. By performing local management with a file-sharing function manager block,
the access to each host terminal unit needed to complete processing can be kept to a minimum, so
processing can be finished in a shorter time than before. This system can be offered as a user-friendly
system.

[0093] Moreover, by having a global-area function manager block carry out unitary management, holding
the directory information which each host terminal unit has and using this directory information for
judgment processing of an access permission, access to the global-area function manager block is
eliminated in judgment processing of the access permission to a cached file, the cache file which each
host terminal unit has can be used effectively, and each host terminal unit can perform the processing
of a distributed file efficiently.
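
The read-authority check of [0078]-[0080] and the permission renewal of [0091], modeled as an added Python example that is not part of the patent text. Class, method and directory names and the per-directory permission layout are assumptions; `push_updates=False` shows the stale cached permission that the renewal in [0091] prevents.

```python
"""Constructed model: cached access permissions with and without pushed renewal."""
from dataclasses import dataclass, field


@dataclass
class DirectoryInfo:
    path: str
    acl: dict                                   # user -> permission string, e.g. "rw"
    files: dict = field(default_factory=dict)   # file name -> host that stores it


class IndexManager:
    """Role of the file-sharing index function manager section 120 (assumed API)."""

    def __init__(self, push_updates=True):
        self.index = {}        # path -> DirectoryInfo (the index information file)
        self.cachers = {}      # path -> hosts that hold a cached copy
        self.lookups = 0       # how often a host had to ask for directory information
        self.push_updates = push_updates

    def register(self, info):
        self.index[info.path] = info

    def fetch_directory(self, host, path):
        self.lookups += 1
        info = self.index[path]
        self.cachers.setdefault(path, set()).add(host)
        # Hand out a copy so a host cannot edit the authoritative permission list.
        return DirectoryInfo(info.path, dict(info.acl), dict(info.files))

    def search(self, path, keyword):
        files = self.index[path].files
        return sorted((name, host) for name, host in files.items() if keyword in name)

    def change_permission(self, path, user, perm):
        self.index[path].acl[user] = perm
        if self.push_updates:   # [0091]: renew every host caching this directory
            for host in self.cachers.get(path, ()):
                host.refresh_acl(path, dict(self.index[path].acl))


class HostManager:
    """Role of a file-sharing function manager section such as 160 (assumed API)."""

    def __init__(self, name, index):
        self.name = name
        self.index = index
        self.cache = {}        # path -> locally held DirectoryInfo

    def refresh_acl(self, path, acl):
        if path in self.cache:
            self.cache[path].acl = acl

    def has_read_authority(self, user, path):
        info = self.cache.get(path)
        if info is None:       # no local directory information: ask the index
            info = self.index.fetch_directory(self, path)
            self.cache[path] = info
        return "r" in info.acl.get(user, "")    # unknown users are denied

    def search(self, user, path, keyword):
        if not self.has_read_authority(user, path):
            return "no authority"               # corresponds to reply signal 208
        return self.index.search(path, keyword)


def demo(push_updates=True):
    """Run one search, a cached search, a revocation, and two further searches."""
    index = IndexManager(push_updates)
    # Constructed sample data: directory /Q shared from a host named host18.
    index.register(DirectoryInfo("/Q", {"alice": "rw", "bob": "r"},
                                 {"report.txt": "host18"}))
    host16 = HostManager("host16", index)
    first = host16.search("bob", "/Q", "report")
    second = host16.search("bob", "/Q", "report")    # decided from the cached copy
    lookups = index.lookups
    index.change_permission("/Q", "bob", "")         # revoke bob's r authority
    after_revoke = host16.search("bob", "/Q", "report")
    stranger = host16.search("mallory", "/Q", "report")
    return first, second, lookups, after_revoke, stranger


if __name__ == "__main__":
    print("with renewal:   ", demo(True))
    print("without renewal:", demo(False))
```
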



[Translation done.] 
(51) Int. Cl.

G06F 17/30

120
150
G06F
120B
F-terms: 5B075 KK03 KK43 KK54 KK63 KK64
KK66 KK67
5B082 EA11 FA16 GA13
5B085 AA01 AA08 AE04 BA07 BG03